The Trump administration’s war planning scandal rightly shines a light on a stunning level of carelessness by high-level American government officials. But beyond the outrageous behavior, political chatter, or geopolitical and military implications of SignalGate lie important lessons for IT and cybersecurity leaders about secure communications. Here are five key takeaways.
1. Every organization has “classified” data that needs better OpSec
While the data at the center of this scandal is military in nature, don’t let that distract you from the fact that nearly all government and enterprise organizations hold data that deserves the higher level of protection afforded by secure communications platforms. This includes private data protected by regulations and standards like HIPAA, DORA, PCI DSS, GDPR and NIS2, which carry stiff penalties, as well as valuable intellectual property, strategic and operational business data, financial data, crisis communications, board communications, and more.
Remember that the threats to that data are not just external (hackers and state actors), but also internal: corporate espionage, disgruntled workers, and yes, sloppy employees who blunder journalists into private communications or overshare sensitive data. I’m speaking hypothetically of course.
Take-away: Make sure you are treating your sensitive organizational information the way the U.S. administration should have treated its classified data.
2. Consumer messaging apps are inappropriate for corporate or government use because they are like social media
A point that confuses many people: Signal and WhatsApp use sound end-to-end encryption protocols, so why aren’t they safe for organizational use? The answer is that they work like social media.
Apps like Signal and WhatsApp are built to encourage the viral growth of a global, networked user base. To do that, these apps make it far easier to include than to exclude. Anyone can find, connect with, and add others to conversations. There are no organization-relevant structures, controls, boundaries or verifications, because those would slow network growth. This is all well and good when you want to plan a vacation with your relatives in private. But it is far too lax an approach for sensitive organizational data.
SignalGate illustrates the risk. It was trivially easy to invite a grossly inappropriate contact into the group, and there was no way to validate members once they had been included. Anyone in the entire Signalverse could have been added, including adversaries.
But that’s not all. Like social media apps, consumer messengers tend to collect a lot of personally identifiable information (PII), such as your mobile phone number, along with valuable metadata (contacts, IP addresses, etc.). That exposes useful information to anyone trying to compromise high-value targets. While it’s true that Signal collects less metadata than WhatsApp, there is still real exposure. In fact, just two days after SignalGate broke, the German magazine Der Spiegel found large amounts of PII, including passwords, on Trump officials online, among them phone numbers linked to WhatsApp and Signal accounts.
Take-away: Never trust consumer messaging apps with sensitive organizational information.
3. Mainstream collaboration suites are in some ways worse
If you think you’re safe because mainstream vendors like Microsoft and Slack market their products as secure, treat that marketing the same way you would treat the spin being deployed to distract from the serious security lapses in SignalGate.
The reason is that Microsoft Teams and Slack cannot claim to be secure communications platforms in any meaningful sense. While they are built for more controlled, organizational messaging and collaboration, neither offers end-to-end encryption for messages, and both rest on deeply compromised security architectures. Disney lost 1TB+ of its most sensitive data via Slack. And Microsoft Teams has had a string of serious, publicly reported security holes that expose you to severe risk.
What makes these platforms particularly bad is the amount of marketing aimed at convincing business buyers that they offer sound security, when there is so much evidence to the contrary.
Take-away: Don’t believe the security spin from mainstream collaboration vendors.
4. Simplified user experience is key to secure communications
Apple’s success in elevating the value of its laptops, phones, tablets, and watches is largely due to its devotion to simplifying the user experience. Strong security isn’t just about encryption; it’s about making the user experience simple enough that cryptographic security can actually deliver value.
SignalGate showcases this principle in reverse. If you can’t set up a secure group that automatically excludes external guests, or if users have to notice for themselves, by eyeballing the member list, that someone doesn’t belong in a secure group, that is a security failure: the design enables dangerous user errors rather than preventing them.
Sadly, these sorts of UX lapses are common in secure communications platforms. For example, in some messaging apps that claim to be secure, users or admins have to manually enable end-to-end encryption. We all know that, faced with this choice, most users and even administrators won’t bother, which defeats the point of having the feature at all.
End-to-end security should always be on, delightfully invisible to end-users so they can focus on their work. The presence of guests in a secure chat should be obvious. Identity verification of group members should be automatic. Excluding guests from chats should be easy. UX plays a critical role in deriving security value from cryptographic protections.
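To make the three properties above concrete (guests obvious, member verification automatic, exclusion easy), here is an added example of a fail-closed group membership check. It is not code from Wire or from any messaging app; it assumes a hypothetical organizational directory keyed by user ID, where each entry records the member’s organization domain and an identity-key fingerprint an admin verified out of band (the way Signal safety numbers are compared in person). Every send is checked against that directory, so an unknown contact, a partner outside the group’s policy, or a member whose key changed since verification blocks the message instead of relying on someone noticing.

```python
"""Fail-closed membership check for a sensitive group chat (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Member:
    user_id: str          # identifier the app surfaces (phone number, handle)
    key_fingerprint: str  # fingerprint of the identity key this device presents


@dataclass(frozen=True)
class GroupPolicy:
    allowed_domains: FrozenSet[str]  # organizations whose verified members may join
    allow_guests: bool = False       # externals admitted only by explicit opt-in


# Constructed sample directory (hypothetical): user_id -> (org domain, key
# fingerprint verified out of band at onboarding). Anyone absent is external.
DIRECTORY: Dict[str, Tuple[str, str]] = {
    "+15550000001": ("agency.example", "2f1c:9a77:0d3e"),
    "+15550000002": ("agency.example", "b8e4:1a0f:77c2"),
    "+15550000003": ("partner.example", "5c0d:e93b:aa11"),
}


def classify(member: Member, policy: GroupPolicy) -> str:
    """Return 'verified', 'key_mismatch' or 'external' for one member."""
    entry = DIRECTORY.get(member.user_id)
    if entry is None:
        return "external"
    domain, expected_fp = entry
    if domain not in policy.allowed_domains:
        return "external"
    if member.key_fingerprint != expected_fp:
        # Identity key differs from the one verified: a re-registered device
        # or an impersonation attempt. Unverified until re-checked in person.
        return "key_mismatch"
    return "verified"


def check_group(members: List[Member], policy: GroupPolicy) -> List[Tuple[str, str]]:
    """List every member who is not cleared to read the group's messages."""
    problems = []
    for m in members:
        status = classify(m, policy)
        if status == "verified":
            continue
        if status == "external" and policy.allow_guests:
            continue  # guest explicitly permitted by the group's policy
        problems.append((m.user_id, status))
    return problems


class UnsafeGroupError(Exception):
    pass


def send(members: List[Member], policy: GroupPolicy, plaintext: str) -> str:
    """Fail closed: refuse to encrypt-and-send while any member is uncleared."""
    problems = check_group(members, policy)
    if problems:
        raise UnsafeGroupError(f"refusing to send; uncleared members: {problems}")
    # Encryption and delivery would happen here; the check is the point.
    return f"sent to {len(members)} verified members"


# Constructed scenario: two staff, one whose key changed, one partner-domain
# contact outside the policy, and one unknown number added by mistake.
POLICY = GroupPolicy(allowed_domains=frozenset({"agency.example"}))
GROUP = [
    Member("+15550000001", "2f1c:9a77:0d3e"),
    Member("+15550000002", "ffff:0000:1234"),  # fingerprint no longer matches
    Member("+15550000003", "5c0d:e93b:aa11"),  # partner.example, not allowed here
    Member("+15550009999", "0000:0000:0000"),  # not in the directory at all
]

if __name__ == "__main__":
    print(check_group(GROUP, POLICY))
    try:
        send(GROUP, POLICY, "draft timeline")
    except UnsafeGroupError as err:
        print(err)
```

The design choice worth noting is that the check is enforced in `send`, not surfaced as a warning the user can dismiss: a guest is either admitted by policy or the message does not go out. Loosening the policy (`allow_guests=True`) still leaves a changed key as a blocker, because a key mismatch is exactly the case the UX should never ask the user to adjudicate on their own.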
Take-away: Judge secure communications by UX, not just by protocols.
5. Beware of broken admin privilege models that destroy the security of “secure communications” products
If overly zealous metadata collection is the cardinal sin of consumer messaging apps, then overly empowered admins are the nightmare of so-called secure messaging platforms. What I mean is that, despite the presence of end-to-end encryption, a secure communications product can introduce immense vulnerabilities by storing or backing up cryptographic keys (key escrow) and user data, and then granting app admins nearly god-like privileges to see that data.
What is so wrong with this? Simple: if an attacker compromises that admin’s credentials, they own your organization’s data. This is exactly what happened at Disney. And it can happen to you if you accept broken administrative functionality in your “secure messaging” application.
Take-away: Don’t accept secure communications apps that introduce serious admin vulnerabilities.
Conclusion
Every crisis is an opportunity to learn if we have the presence of mind to extract the right lessons. The world has become dramatically less safe and predictable in the last two months, with the casual recklessness of the U.S. government as exhibit A. Data is the lifeblood of modern organizations. You can no longer consider security-compromised enterprise collaboration suites to be sufficient, and you shouldn’t resort to using obviously unsafe consumer apps for sensitive communication. It’s time to exercise sober judgment on what data in your organization deserves the protection of secure communications. That’s where Wire comes in, as the industry’s leading secure enterprise collaboration suite, trusted by large enterprises, government, military and intelligence agencies across the world. Learn more about what makes Wire the gold standard in secure enterprise communications at wire.com.
Discover how Wire can revolutionize your organization’s secure communications.
Request a demo today and step into a new era of enterprise collaboration designed for the highest stakes.