Security Cloud Courses About
imgs/hero.webp

Okta Breach Highlight The Challenges of Incident Response Communications

Okta is responding to a public cybersecurity incident, what can we learn from how they handled communications? More in this Twitter thread ๐Ÿ‘‡.

Tweet 1/7 ๐Ÿ‘‡ Next tweet

the @okta compromise is a tricky one to deal with. the info available early yesterday is dramatically different from what is now known...but that's typical incident response

I wrote up some thoughts over on the @Lacework blog, https://t.co/7G7fEBIF4f

๐Ÿงต #security #dfir

Tweet 2/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework the intial statement didn't have a ton of info in it, you can read that over on their site, https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/

they’ve updated that statement with more info as it came to light (same link). that’s a great step!

๐Ÿงต #security #dfir

Tweet 3/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework however, the most helpful info is David Bradbury's (he's the CISO) post, https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

this post puts the pieces together and makes the timeline clear. it’s actionable and helps incident responders manage the issue

๐Ÿงต #security #dfir

Tweet 4/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework incident response is hard. while trying to figure out what's going on, you're trying to make sure that your business and customers are safe, all while getting bombarded with questions you don't have the answers to

honestly, its stressful and it sucks

๐Ÿงต #security #dfir

Tweet 5/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework communcations are tricky in the best of times. you want to make sure you're crafting a message that makes your point while getting the attention it needs

crisis communciations is a whole new, much harder ballgame

๐Ÿงต #security #dfir

Tweet 6/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework kudos to @okta & the team, sure they made some minor missteps but they corrected them in public. that's incredibly difficult to do

let’s learn from this. the best time to tune up your own response process is NOW

๐Ÿงต #security #dfir

Tweet 7/7 ๐Ÿ‘‡ Next tweet ๐Ÿ‘† Start

@okta @Lacework take some time to work out some message templates, practice the process, and get your teams & key stakeholders comfortable with that process

no on ever wants to deal with these types of situations but it’s better to be prepared!

/๐Ÿงต #security #dfir