Critical Communications For Enterprise Cyber Security Incident Response

Secure Enterprise Communications As Essential As Electricity And Internet


Jeff Orr

Enterprise Communications

Your organization was just hit with a ransomware attack. As the security team engages to contain the malware, you discover that your email files are now encrypted. The VoIP phones are offline and employees want to know what to do.

If this had been an electrical power outage, the facilities team's action plan would have kicked in to power up the diesel generator and get the lights back on. If this were a loss of internet connectivity to the facility, there is likely a response plan to keep the business running on an alternative link. For most disaster recovery and business continuity issues, the organization has assessed the risk and built an incident response plan. But in the ransomware example, chances are the security team's plan is not aligned with the organization's business continuity goals.

If you take the stance that it is only a matter of time before a data incident happens in your organization, you must ask yourself, "Does a data incident qualify as disaster recovery?"

Security As Part Of Disaster Recovery Operations

Security teams need to be involved in the broader IT planning for connectivity interruptions when a service outage occurs, to ensure that alternative paths are in lock-step with the security posture of the organization. Security should also be looped into all forms of disaster recovery planning.

Consider what happens when your network, email, phones and digital applications go away. Do the security alerts continue to come in? How do day-to-day operations persist? How does security notify its constituents? How do employees inform their customers, partners and suppliers?


When enterprise communications systems go offline, does the organization know how to reach employees on personal email or mobile devices? Does the organization test these connections periodically to ensure that they’re still active?

A recovery plan for critical enterprise communications should factor in all possible means to relay information including physical, internet and methods parallel to the organization’s network. Consider multiple channels for enterprise communications:

  • Email
  • Messaging applications
  • SMS/Text
  • Web conferencing
  • Physical message boards throughout facilities

Challenges Implementing An Effective Communications Recovery Plan

Even the best laid plans will need to be modified. Organizations must account for unique business requirements, workforce and workplace conditions, and concerns from the cyber security team.

Business Requirements

  • Most companies do not have dedicated resources available for disaster recovery. Are those organizations with dedicated resources even considering cyber-attacks as a possible scenario?
  • Broadcast communication (one-to-many) has limitations.
  • Two-way radio works on a site-specific basis for specific types of communications; it does not replace data communications.

The Workforce And Workplace Situation

  • The workforce is increasingly distributed, remote and virtual.
  • The workplace has extended beyond the physical security perimeter to enable employee access to applications and data from anywhere at any time.
  • As a result, physical methods of employee communication, such as posting a note in the break room or hanging a "CLOSED" sign on the front door, no longer apply.

Enterprise Security Concerns

  • User authentication must remain intact. Is 2FA or MFA capability present?
  • Can special communications for public agencies, such as Amber Alerts, continue in a secure manner?
  • Compliance with regulatory requirements (e.g., FSBI, Healthcare or Public Sector) must continue with all methods of communication.
  • How does escalation of cyber security alerts occur using this recovery method?

Building The Business Case For A Critical Communications Platform

The opportunity exists for a communications platform that is available in case of a cyber-attack, if for no other reason than to deliver business continuity. Leveraging third-party managed services and cloud infrastructure, organizations would find value in a Communications Platform As A Service (CPaaS) that plays a critical role in cyber security disaster recovery.


In the case of the ransomware example, a CPaaS deployment could be initiated to quickly restore employee communications. CPaaS providers need to demonstrate that they can provide a reliable and secure service that conforms to the organization's security posture. Best practices for third-party risk management (TPRM) will be necessary.

Another possible channel for CPaaS adoption is through insurance carriers. As part of the policy, an organization must be prepared to implement a CPaaS solution. From a business perspective, consider this approach similar to the risk management of deploying a diesel generator for electric power interruption.

Security leaders should look to line of business owners along with the organization’s CTO to develop the cyber security communication response plan. As more organizations investigate secure communications after a cyber-attack, the business justifications will become clearer and risk management can weigh in on benefits.
