CyberOps

CyberOperation best practices for keeping clients informed and aware without panicking them

By CyberOps Threat Fusion Cell Team

When the SolarWinds cyberattack gained national news prominence in late 2020, it caused panic among organizations worrying if they were vulnerable, and wondering how to protect themselves.

For threat intelligence teams, like those at CyberOps, it can lead to distressed clients following similar repeated themes with each call. “Are you looking at this?” a client asks, followed by a chorus of, “What are you doing about it? Are we protected? Is there anything we should be doing?”

The SolarWinds hack has been dubbed “the largest and most sophisticated attack the world has ever seen,” according to Microsoft's President and Vice Chair, Brad Smith. The hackers gained access to emails, court documents, and even nuclear secrets, by way of the U.S. Department of the Treasury, U.S. Department of Justice, U.S. Department of Commerce, as well as other agencies using the popular software platform, SolarWinds, according to CBS News. The U.S. government said Russia was behind the attack, but Russia has denied responsibility.

When CyberOps gained national attention, CyberOps’ team quickly devised an advisory communication framework and process to educate clients on what CyberOps was doing to protect them, and how they could best protect themselves.

SolarWinds wasn't the last such breach or vulnerability to be discovered. Since then, there has been Log4j, a vulnerability in popular software libraries, high-impact Microsoft Exchange server vulnerabilities, and worry over cybersecurity implications related to Russia’s Ukraine invasion, among other concerns.

Taking a proactive approach, CyberOps sends advisory communications with three purposes: inform all clients that CyberOps is on top of the issue; explain, specifically, how CyberOps is handling the threat; and what CyberOps recommends doing. The goal is transparency; we want our clients to know how we are helping to keep them safe in cyberspace.

With these advisory communications, in addition to transparency, CyberOps puts a premium on both speed and accuracy. We will only share solid facts — no assumptions or hyperbole. However, we do want to inform our clients as soon as possible, so we will share what we know at that time and send updates with new information as it becomes available.

Moreover, this also helps our threat analysts focus on keeping companies safe and not getting distracted with calls. That being said, we are always there to help our clients and answer any concerns they have.

The advisory communications continue to this day. With the increased tensions between Russia and Ukraine, CyberOps sends advisory communications multiple times a week. Similarly, we reach out to our clients regarding any other cybersecurity news that may cause widespread concerns.

In addition to the advisory communications, CyberOps provides weekly cyber intelligence summaries and monthly threat landscape reports to our clients. We also provide access to client webinars (as needed) as a live vehicle for our customers to reach out directly to threat intelligence analysts and experts, both of whom can answer any questions.

CyberOps’ goal is to make high-end cybersecurity available to organizations around the globe and across industries. In doing so, we also want to provide as much transparency as possible. Many in the cybersecurity space do not like to share with clients exactly what they are doing because they believe it infringes on their intellectual property. We want our clients to know how we are keeping them safe and to let our work speak for itself.