Secure comms are vital for business resilience and data protection (Guest blog by Armour Comms)
Cyber threats are wide ranging
Every enterprise, great or small; every public sector organisation, national or local has sensitive information crucial to operations. It is imperative that this is protected. From customer lists, to employee data, corporate intellectual property and commercial secrets, a cyber breach could prove catastrophic.
The UK Government’s Cyber Security Breaches Survey 2022 updated in July provides a snapshot of the cyber threats faced by UK organisations each year. 39% of organisations identified a cyber attack, and of these 83% were phishing attempts. One fifth were sophisticated attacks including denial of service (DDOS), malware, ransomware etc. A third of businesses are attacked every week. One ray of sunshine is that 80% of boards recognise that cyber security is an important issue.
Are your communications about attacks secure?
Secure mobile communications play an increasingly important role in protecting sensitive data every day. Less well understood is their role in effectively responding to, and recovering from, cyber attacks. It is imperative that a secure comms channel can be used for the organisation to communicate without the hackers potentially eavesdropping. Don’t rely on the very channels that have just been hacked, because your adversaries will be monitoring them.
Are the hackers listening in?
It is very common when hackers have compromised a system for them to watch for the responses from the IT resources tasked with countering their attack. Typically this includes monitoring and subverting any communications channels the IT team are using, including voice calls, email or messaging apps. It is not unusual for hackers to send spoof messages to try to assess just how well the IT team understands the nature of the attack, to capture updated passwords or other changes to security, and prevent key security messages from being delivered.
During the initial investigation phase of a cyber attack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.
Safeguard your comms with an independent secure channel
By protecting the communications of the IT and digital forensics team, you are blocking a very useful source of information from being intercepted or modified by the hackers. In addition, by using a secure communications platform, such as Armour Mobile or SigNet by Armour, and having the secure comms hosted by a third party, you are further isolating the IT team’s comms from the potentially compromised systems that they are trying to recover.
Even on BYOD devices
In addition, enterprise-grade secure communications apps can also be used on BYOD devices. All information is sandboxed within the app, meaning it can’t be shared, deliberately or otherwise, with anyone other than trusted colleagues in the same secure group, keeping sensitive information protected. After the incident has been dealt with, information can be securely wiped.
For third party ‘blue teams’ brought in to handle such hacking situations, it makes perfect sense for them to bring their own secure comms solution with them – and this is a question that you should be asking any would-be supplier when tendering for such services.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Cyber Innovation Den
On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.
Cyber Security Dinner
In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.