Advanced Incident Preparedness with Wickr

Fortune favors the prepared. For cyber incident responders and continuity experts, the most critical time to act is before an incident occurs.

Increased dependence on electronic communications and IT systems means increased vulnerability to a scenario coming to be known as Cyber Blackout (CBO). In a CBO, operational conditions in the wake of an outage or security incident degrade to the point that critical systems can no longer be used or trusted. The breadth of such an event can have a significant impact, recursively affecting the business and the ability of its response team to investigate and restore operations.

Out of Band Communications

Highly secure, out-of-band communication channels are deployed, configured and regularly exercised to provide the necessary capabilities in times of crisis. Wickr includes:

  • 1:1 and group collaboration capabilities with internal and external personnel, including file sharing.
  • Audio/video conference calling, including screen sharing.
  • API integrations for advanced orchestration and workflows.
  • Usage and data retention policies that are enforced at the administrative level.
  • Team members are pre-provisioned into communication systems and organized by function, geography, seniority, and group to ensure seamless functioning in times of crisis.
  • Using modern orchestration tools and techniques, the appropriate information, logs and communications are automatically sent to the proper teams in their respective secure Wickr Rooms.

Learning from Prior Incidents

Examples of CBO incidents include Sony, Maersk, and Merck. Much was learned from the Sony breach of 2014, where attackers not only compromised documentation, movies, and personnel information, but also gained access to Sony’s internal communication channels. From this vantage point, attackers were able to monitor Sony’s IR discussions and response scenarios, thus thwarting Sony’s ongoing efforts, extending the PR story and compounding the overall damage. The primary lesson for all industries was that any tool used for communication must be secure and must not depend on existing infrastructure. More recently, organizations like CBS have learned that simply being out-of-band isn’t enough – you must use a tool that meets all needs, including compliance services that ensure operation in accordance with information governance policies and within regulatory guidelines.

Figure (incident response pie chart): Many industries face cyber breaches. Cyber Intrusion Services Casebook (CrowdStrike, 2017)