When it comes to mission-critical conversations, ‘secure-enough’ mass-use communications applications, are often NOT secure enough – they need an extra layer of assurance.
Technology industry website, CRN, recently ran its Cybersecurity Week, publishing the 10 Emerging Cybersecurity Threats and Hacker Tactics 2023. It made alarming reading.
One of the most worrisome trends is identity-based attacks where hackers use compromised credentials to gain access to systems, or to dupe victims into giving up valuable and/or sensitive information. Identity-based attacks are one way to get around endpoint detection and response. Phishing and social engineering remain huge threats, and again, are based on people being tricked into actions that they would not otherwise have considered had they realised that the person they were communicating with wasn’t actually who they thought it was.
In the PwC Cyber Security Outlook 2023, cloud and digital transformation is once again top of the agenda. This global research also makes the point that investing in people and technology is key for successful cyber transformation.
Who are you really communicating with?
Phishing attacks via mass-use collaboration apps was one of the top threats identified by CRN. Impersonation threats are posed when a compromised account is used to carry out phishing attacks. Typically, the attacks aim to steal credentials from a targeted organisation by engaging a user and eliciting approval of multifactor authentication prompts.
Deepfake, another class of impersonation attack that has been a threat for a few years now, has continued to develop, with deepfake video creation software now reportedly available. In 2023 audio deepfakes have been used for funds transfer scams. A larger threat is that attackers may soon be able to generate real-time voice-clone deepfakes.
Secure collaboration? One size does not fit all
With the rise of impersonation-based cyber attacks, it is time for organisations to re-consider the use of mass-use communication and collaboration tools. While they may be ‘secure-enough’ for many mission-critical conversations, when a higher level of assurance is required, the latest research indicates that an extra layer of security is required based on the use case scenario, its related sensitivity and related risk.
For conversations and interactions that need additional assurance, there are secure communication platforms readily available. Built with a Secure by Default ethos with UK government/NCSC and NATO accreditations, the Armour® platform provides the same ease of use, and great user experience as mass-use apps, but with considerably more security for managing users and content.
Identity-based Authentication supports Trusted Communications
To pick up the point made in the PwC Cyber Security Outlook report, which cites a catastrophic cyberattack as the number one risk in Operational Resilience plans, organisations should be looking to protect their more sensitive, commercially valuable communications with additional security. Indeed, best practice guidelines from NCSC and NIST stipulate that if communications channels are even suspected of being compromised, an ‘out-of-band’ secure comms channel should be used to assess the damage and lead the recovery. Mass-use communications platforms are simply too large and amorphous. Anyone can join, and the platforms themselves provide very little control over where data is stored, who has access to it and what they do with it.
By using a secure messaging and collaboration platform that has Secure by Default as its very heart, and that uses identity-based authentication, organisations can maintain complete privacy and security of communications. Armour UnityTM extends the highly successful Armour ecosystem to provide secure, pre-defined or on-the-fly enterprise-level mobile video conferencing, screen sharing and in-app messaging for iOS and Android devices. Documents and chats associated with a conference call benefit from the trusted security of the Armour platform.
In common with Armour Mobile, Unity uses MIKEY-SAKKE identity-based encryption, which is recommended by the UK National Cyber Security Centre (NCSC). This innovative approach means that participants on a call can be certain that only other invited attendees are able to join the conference. Read our previous blog for an explanation of how MIKEY-SAKKE works and why it is important: https://www.armourcomms.com/2018/02/27/are-you-talking-to-me/
Share information only with those you Trust
Using a communications solution that harnesses identity-based authentication, such as the Armour platform, ensures that information is shared only with the intended recipient, safeguarding corporate intellectual property, sensitive commercial information, and complying with data privacy and operational resiliency requirements such as GDPR, DORA and the PRA’s Operational Resilience regulations.
Armour’s holistic Secure by Design approach delivers assurance that mass consumer-use conferencing applications simply can’t provide.
We will be showcasing Armour’s secure (and high assurance) collaboration solutions, including Armour Unity at the forthcoming SDSC-UK, 1-2 November at the Telford International Centre. Contact us today for a free expo and conference ticket and to arrange a meeting.