Security Cloud Privacy Tech

Okta Breach Highlight The Challenges of Incident Response Communications

Okta is responding to a public cybersecurity incident, what can we learn from how they handled communications? More in this Twitter thread .

Tweet 1/7  Next tweet

the @okta compromise is a tricky one to deal with. the info available early yesterday is dramatically different from what is now known…but that’s typical incident response

I wrote up some thoughts over on the @Lacework blog,

#security #dfir

Tweet 2/7  Next tweet  Start

@okta @Lacework the intial statement didn’t have a ton of info in it, you can read that over on their site,

they’ve updated that statement with more info as it came to light (same link). that’s a great step!

#security #dfir

Tweet 3/7  Next tweet  Start

@okta @Lacework however, the most helpful info is David Bradbury’s (he’s the CISO) post,

this post puts the pieces together and makes the timeline clear. it’s actionable and helps incident responders manage the issue

#security #dfir

Tweet 4/7  Next tweet  Start

@okta @Lacework incident response is hard. while trying to figure out what’s going on, you’re trying to make sure that your business and customers are safe, all while getting bombarded with questions you don’t have the answers to

honestly, its stressful and it sucks

#security #dfir

Tweet 5/7  Next tweet  Start

@okta @Lacework communcations are tricky in the best of times. you want to make sure you’re crafting a message that makes your point while getting the attention it needs

crisis communciations is a whole new, much harder ballgame

#security #dfir

Tweet 6/7  Next tweet  Start

@okta @Lacework kudos to @okta & the team, sure they made some minor missteps but they corrected them in public. that’s incredibly difficult to do

let’s learn from this. the best time to tune up your own response process is NOW

#security #dfir

Tweet 7/7  Next tweet  Start

@okta @Lacework take some time to work out some message templates, practice the process, and get your teams & key stakeholders comfortable with that process

no on ever wants to deal with these types of situations but it’s better to be prepared!

/ #security #dfir