Emphasising preparedness: The role of out-of-band communications in cyber incident response

The CrowdStrike outage in July 2024 stands as a reminder for organisations that they cannot risk being unprepared for the inevitability of cyber incidents, whether they stem from human error, software issues, or targeted cyberattacks. This and other recent events highlight the importance of out-of-band (OOB) communications — ways of communicating outside of an organisation’s main systems.

OOB communications have become central to incident preparedness by providing an alternative way to facilitate internal and external communication, coordination, and response during and immediately following a cyber event, particularly when regular communication channels are down.

The time for static response plans is over

It is increasingly important to prepare for incidents by having dynamic communication infrastructure in place. This infrastructure is a priority to keep your crisis management team and internal stakeholders informed and agile when coordinating a response. It is also a critical means of notifying and preparing your external stakeholders, including vendors, brokers, or clients.

A secure, encrypted, and robust OOB communications channel can:

Establish clear incident notification and response procedures for all relevant parties.
Protect essential information from unauthorised access with multi-factor authentication.
Build redundancy with multiple backup communication channels in place.
Streamline efficiency and help you respond and recover from cyber events faster.
Support your organisation in maintaining continuity and resilience.

Three focus areas for implementing OOB infrastructure

For businesses that do not yet have alternative communication channels set up, or those that have only some OOB infrastructure in place, there are a few key areas to prioritise as part of a broader cyber incident response plan.

Accessibility

Accessibility is a top priority when implementing OOB infrastructure, considering that nothing can be done if the right people don’t have access to what they need, when they need it. For example, if a ransomware attack happens late on a Saturday night, there needs to be a defined process for incident notification and response that mobilises necessary responders.

The following questions should be clearly outlined and explained to all relevant stakeholders well before an incident occurs:

Are there clear processes and procedures in place to notify key stakeholders about an incident, whether they’re internal or external? Are these procedures well-documented and easily accessible?
Do the right people know how to access and use the OOB platform effectively, irrespective of their current location?
What technical prerequisites or conditions may be necessary to use the OOB platform?

Tabletop exercises and testing

Cyber events can vary significantly in scale, severity, and type, making it critical for organisations to use realistic tabletop exercises to test their response to a wide range of scenarios. Organisations may simulate responses to data breaches, ransomware, or other potential cyber incidents. It is important to keep in mind that not every cyber incident is malicious — human error and software issues like the CrowdStrike event can be equally consequential.

With consistent and varied testing, organisations can better understand the potential impacts of such incidents, enabling them to develop more effective response strategies and plans. It is recommended to test scenarios using both in- and out-of-band communications channels to determine how responses will be coordinated if only one channel is impacted.

User training and stakeholder alignment

A tool, including an OOB platform, is only effective if people are trained, prepared, and familiar with it. Leadership plays a vital role in educating teams around emergency response and training key stakeholders about their roles and responsibilities. Organisations should not expect people to attend a single demo or meeting and be able to execute in a crisis — leaders must set the example.

And implementation and familiarisation with an OOB platform should not end once an account has been established. Organisations should strive to test their emergency response exercises on a regular basis — quarterly, if possible — and provide required refresher trainings for users to stay acquainted with the platform and leverage its full functionality.

A dynamic OOB platform goes beyond solely communications

When a crisis hits, it is likely to differ from what your organisation is prepared for or expects. Being able to communicate with the people closest to your organisation’s systems is essential to notify stakeholders and coordinate a unified response.

Typically, when regular communication channels such as email, phone, video call, and chat systems become inaccessible or untrustworthy following a cyber event, organisations have relied on private text, email, or WhatsApp channels. Similarly, cyber incident response plans and playbooks have long been documented on static printouts or PDF documents, which may not be accessible or easy to use at a moment’s notice. These approaches are unlikely to be effective in today’s evolving cyber landscape.

A dynamic OOB communications platform can help your organisation go beyond merely communicating with internal and external stakeholders to streamline and strengthen incident response entirely. It can act as a secure off-network workflow tool that safely stores documented processes and procedures if systems or data are compromised. It can also provide customised incident responses tools, resources, and protocols to test response workflows for different exposures.

As cyber incidents continue to increase in frequency and severity, organisations should not overlook the importance of OOB infrastructure as a cornerstone of cyber incident response and overall resilience.

To learn more, speak with a Marsh representative.