
Okta Breach Highlights the Challenges of Incident Response Communications

Okta is responding to a public cybersecurity incident. What can we learn from how they handled communications?

More in this Twitter thread 👇.

Tweet 1/7

the @okta compromise is a tricky one to deal with. the info available early yesterday is dramatically different from what is now known...but that's typical incident response. I wrote up some thoughts over on the @Lacework blog, https://t.co/7G7fEBIF4f 🧵 #security #dfir

Tweet 2/7

@okta @Lacework the initial statement didn't have a ton of info in it, you can read that over on their site, https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ they've updated that statement with more info as it came to light (same link). that's a great step! 🧵 #security #dfir

Tweet 3/7

@okta @Lacework however, the most helpful info is David Bradbury's (he's the CISO) post, https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/ this post puts the pieces together and makes the timeline clear. it's actionable and helps incident responders manage the issue 🧵 #security #dfir

Tweet 4/7

@okta @Lacework incident response is hard. while trying to figure out what's going on, you're trying to make sure that your business and customers are safe, all while getting bombarded with questions you don't have the answers to. honestly, it's stressful and it sucks 🧵 #security #dfir

Tweet 5/7

@okta @Lacework communications are tricky in the best of times. you want to make sure you're crafting a message that makes your point while getting the attention it needs. crisis communications is a whole new, much harder ballgame 🧵 #security #dfir

Tweet 6/7

@okta @Lacework kudos to @okta & the team, sure they made some minor missteps but they corrected them in public. that's incredibly difficult to do. let's learn from this. the best time to tune up your own response process is NOW 🧵 #security #dfir

Tweet 7/7

@okta @Lacework take some time to work out some message templates, practice the process, and get your teams & key stakeholders comfortable with that process. no one ever wants to deal with these types of situations but it's better to be prepared! /🧵 #security #dfir
