Intelligent CISO Issue 02 | Page 37

FEATURE

Andy Lilly, CTO of Armour Comms

Don’t rely on the very IP channel that has just been hacked, because your adversaries will be monitoring it.
If (when) your organisation succumbs to a cyberattack, the first thing you need to think about, when assessing the situation and putting together a plan for recovery and future mitigation, is exactly how you are going to communicate.
Whether it is the IT department discussing the technicalities or communicating with senior managers and the board to keep them abreast of events, the last thing you should do is use the very platform that has just been compromised, such as your corporate network.

In layman’s terms, if your email has been hacked, sending an email to your friends asking for help is nonsensical; your email alerts the hackers to the fact you’ve detected their presence.
And you can’t tell if any of the responses are genuinely from your friends or from the hackers messing with you.

It is very common when hackers have compromised a system for them to watch carefully for the responses from any IT resources that are tasked with countering their attack.
Typically, this includes watching and subverting any communications channels that IT may be using.
It’s not unusual for hackers to send spoof messages to try and assess just how well the IT team understands the nature of the attack, to capture new passwords or other changes to security and prevent key messages from being delivered.

During the initial investigation phase of a cyberattack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.
By protecting the communications of the IT and digital forensics team, you are blocking a very useful source of information from being intercepted or modified by the hackers.
In addition, by using a secure communications platform, such as Armour Mobile, and having the secure comms hosted by a third party, you are further isolating the IT team’s comms from the potentially compromised systems that they are trying to recover.

For third party ‘blue teams’ brought in to handle such hacking situations it makes perfect sense for them to bring their own secure comms solution with them and this is a question that you should be asking any would-be supplier when tendering for such services.