Skip to main content
Cybersecurity

An action plan when a cyberattack takes down comms

Prep could include Telegram, Chromebooks, and a good ol’ fashioned phone tree.
article cover

Francis Scialabba

3 min read

When ransomware actors strike, they often disrupt a company’s email services, phones, internal chat, or other ways of sending messages both urgent and random. The last thing you want is a cyberattack leading to a whole company-wide, “You’re on mute” situation.

An FBI official told a cybersecurity-summit audience in April that IT teams and executives must be prepared with messaging options outside of the usual telecom frequency, aka “out of band.”

“We’ve had CEOs who have had their personal cell phones compromised and…robo-texted and robo-called, so they can’t use their cell phone to engage with their organization about how to recover properly. So, what is your actual plan for out-of-band communications?” said Bryan Vorndran, assistant director of the FBI’s cyber division, at CrowdStrike’s Government Summit.

What we have here is…A report from the cybersecurity provider StormWall revealed that denial-of-service attacks increased by 74% in 2022, with telecommunications making up 26% of the DDoS incidents.

A February compromise recently walloped the internal servers and IT telephony at Dish Network. Vulnerable VoIP services have, in fact, been the way in for at least one recent ransomware group.

While the robo-texting of a CEO’s phone may be unusual, a more common disruption involves encrypting the systems frequently accessed from that phone.

Enterprise services like Office 365 can be tied to Active Directory. An attacker with access to AD admin credentials, common in ransomware scenarios, may get a good look inside Office 365 email or internal-chat platforms.

“It’s at that point that you’re probably going to want to assume that most of the communications on the network have been either compromised or they’re not trustworthy. And that’s when you should enact your automated communication plan,” said Drew Schmitt, a managing security consultant at GuidePoint Security.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

About that automated communication plan…

  • A company’s backup strategy often features one out-of-band email option and one out-of-band real-time chat function. Schmitt recommended Signal, which incorporates privacy features. Personal-email services outside of the enterprise, like Gmail, according to Schmitt, also provide some comms options on a variety of devices.
  • Part of that strategy may include some side devices. An Apple shop, for example, may want a wireless hotspot ready and some Android phones or Chromebooks on standby, in case an attack hits the company’s main endpoints, said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, to IT Brew.
  • Have personal emails and phone numbers collected—and printed out. “The really important part of that is having the information available to each other…Don’t have it on a computer where it can be blocked if your computer’s not working. You need to have it somewhere that it’s accessible,” Steinhauer told IT Brew.

Mainly: Do the work ahead of time, so you’re not out of touch (literally) when you need to be  in the moment.

“A lot of this ends up getting dealt with right during the incident, which is probably not the time you’re going to be wanting to develop your plan,” said Schmitt.—BH

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.