Are You Prepared for a Cyber Blackout?

Advanced Incident Preparedness with Wickr

Fortune favors the prepared. For cyber incident responders and continuity experts, the most critical time to act is before an incident occurs.

Increased dependence on electronic communications and IT systems means increased vulnerability to a scenario coming to be known as Cyber Blackout (CBO). In a CBO, operational conditions in the wake of an outage or security incident degrade to the point that critical systems can no longer be used or trusted. The breadth of such an event can have a significant impact, recursively affecting the business and the ability of its response team to investigate and restore operations.

Is your company prepared for a CBO?

You may have an emergency response and contingency plan for major systems and application servers, but how will you communicate securely in this kind of event – especially if communication systems are part of a targeted attack, or if you are not sure whether they are?

How will your cyber incident response team share the following sensitive communications during a CBO?

  • Infrastructure scan results
  • Found vulnerabilities
  • Countermeasure information
  • Investigation summaries
  • Next steps
  • Information on key personnel

What you can do right now to prepare

Information exchanged in the course of an incident investigation is extremely valuable to an attacker who is trying to evade detection and maximize damage. Thinking about how to communicate effectively with your response team is a necessary early step.

  • Understand what data and information are important to you and when.
  • Assume that your communications systems will be compromised and ensure that you have a secure channel in which to communicate and coordinate response efforts.
  • Consider using APIs to orchestrate on top of a data transport layer like Wickr’s that ensures anything sent is only seen and received by verified recipients.
  • Ensure your crisis communication and IR-related documentation is updated on a regular basis and distributed within secure channels to relevant personnel and consultants.
  • Discuss, before an incident happens, how you will capture, retain and evaluate information for an after-action report.

Out of Band Communications

Highly secure, out-of-band communication channels are deployed, configured and regularly exercised to provide the necessary capabilities in times of crisis. Wickr includes:

  • 1:1 and group collaboration capabilities with internal and external personnel, including file sharing.
  • Audio/video conference calling, including screen sharing.
  • API integrations for advanced orchestration and workflows.
  • Wickr allows for usage and data retention policies to be enforced at the administrative level.
  • Team members are pre-provisioned into communication systems and organized by function, geography, seniority, and group to ensure seamless functioning in times of crisis.
  • Using modern orchestration tools and techniques, the appropriate information, logs and communications are automatically sent to the proper teams in their respective secure Wickr Rooms.

Learning from Prior Incidents

Examples of CBO incidents include Sony, Maersk, and Merck. Much was learned from the Sony breach of 2014, where attackers not only compromised documentation, movies, and personnel information, but also gained access to Sony’s internal communication channels. From this vantage point, attackers were able to monitor Sony’s IR discussions and response scenarios, thus thwarting Sony’s ongoing efforts, extending the PR story and compounding the overall damage. The primary lesson for all industries was that any tool used for communication must be secure and must not depend on existing infrastructure. More recently, organizations like CBS have learned that simply being out-of-band isn’t enough – you must use a tool that meets all needs, including compliance services that ensure operation in accordance with information governance policies and within regulatory guidelines.

Figure (incident response pie chart): Many industries face cyber breaches. Source: Cyber Intrusion Services Casebook (CrowdStrike, 2017).

Wickr Pro – Empowering Response Teams

Proactive organizations use Wickr to improve their cyber crisis readiness and response for CBO and beyond. Wickr Pro empowers response teams with reliable, out-of-band, end-to-end secure messaging, file transfer, voice and video conferencing and screen sharing with no complicated configuration or IT management required.

With Wickr Pro, teams can manage crises and maintain readiness through performance of important day-to-day activities such as:

  • Daily stand-up calls with the Hunt, IR and Crisis teams to address threats that are detected through ongoing investigations.
  • Project status meetings to organize teams and to share updated documents and information.
  • Monthly team calls for secure video conferencing and collaboration.
  • Periodic information exchange with outside consultants and subject matter experts.