According to the Allianz Risk Barometer's Top 10 Global Business Risks for 2018, cyber incidents ranked as the 2nd major threat for companies in the year. Business interruption leads the ranking, and it is itself interlinked with cyber incidents. Cyber attacks are going to happen (that’s not news anyway); the organization's response plan will directly affect the gravity of the incident. The aftermath can be even more damaging than the attack when financial standing and brand reputation are affected as a result of the incident.
Most organizations are aware of the impact of cyber attacks on their operations and will put plans in place to respond when the inevitable happens. Cyber Incident Response Plans are developed to identify, investigate, contain and remediate a security breach. Unfortunately, most of these plans get tested only when a real attack happens – the wrong time to test. Things don’t play out as planned, and in the panic and confusion of the crisis, mistakes and poor decisions are made that aggravate the situation. Having a response plan that hasn’t been tested is as good as not having a plan at all.
When disasters strike the time to prepare has passed.
Simulate Cyber Incident Response – How to avoid prioritizing mistakes?
Buildings conduct fire drills to test emergency preparedness in case of a fire. The drill serves as an evaluation of the effectiveness of the evacuation procedures in place and determines the need for adjustments to emergency plans. This can only be achieved through a drill, not by sitting in a boardroom and reviewing the plans in place.
In cyberspace, organizations can only test their cyber attack preparedness through similar drills. The difference here is that you can’t run them in your operational environment, but you can simulate an environment where you can afford to fail and jump back on your feet.
During CyberWeek in Luxembourg I got the (rare) opportunity to take a sneak peek at Room #42. Room #42 is a cyber attack simulation game that creates a realistic experience where all participants have to make quick, high-impact decisions in real time with minimal information. The beauty of the ‘game’ is that it is actually a room that has been set up as a corporate environment with clusters for different functions. On one side you have the IT cluster, who will be busy working to contain and remediate the attack. Other clusters can be taken up by the Sales team, R & D, External Relations, HR and other management teams, including the CEO. The SMILE team simulates an attack, e.g. ransomware, and each of the players has a role to play and decisions to make. Calls will be coming in from customers, media & regulators inquiring about the incident. To put more pressure on the participants, the room lights keep changing and sirens keep running, putting everyone under real stress. That’s not all: distress calls from family members of the participants come through to gauge whether they lose concentration on the incident. It’s intriguing to watch the entire simulation from an observatory room and observe how decisions are being made and the mistakes the team keeps making.
Importance of Simulated Cyber Incident Response
It’s an opportunity to improve the cyber incident response plan by closing the gaps identified in the simulated environment. Mistakes are forgivable in a simulated environment, as they also provide crucial leads to areas of improvement across the entire plan.
Get clarity on roles & responsibilities – During a crisis, crucial decisions have to be made by staff in the organization. The simulation provides a ground to test and get clarity on everyone’s responsibility during a cyber attack.
Improve efficiency & speed of response. Every cyber attack has its own unique characteristics; however, a response tested in a simulated environment improves response time and efficiency in managing the crisis. The simulated cyber incident response prepares the organization for any kind of cyber attack, as various realistic scenarios will be generated to test the response.
Improve communication internally and externally. Customers, regulators, business partners and other stakeholders need to be informed about the cyber attack. Communication within the team affects the decision-making process while responding to the cyber attack. Incorrect information can aggravate the situation, so during the simulation the team learns how best to pass on information internally. External communication is also vital to manage the expectations of all stakeholders. The content of the message needs to be carefully evaluated to avoid causing panic or leading to lawsuits if it’s interpreted as negligence on the organization's part.
Opportunity to watch yourself make mistakes. In sports, coaches get their teams to watch recordings of their performance in previous games. It helps players see their mistakes and avoid them in future games. In the simulated environment, a video recording of the team's performance is made available to the team so they can watch and gauge their own performance. This serves as a permanent reminder of mistakes to avoid during a crisis.
Emergency preparedness is a team sport – Eric Whitaker
Organizations today face the challenge of dealing with an ever-evolving threat landscape coupled with sophisticated attacker capability. It’s no longer good enough to merely have a cyber incident response plan; a plan that hasn’t been tested will not be of value when the organization is facing a cyber attack. It’s no longer a matter of ‘if’ but rather ‘when’ the attack happens. Simulated cyber incident response will help an organization reduce the impact of future attacks and prepare it to recover as fast as possible.
2018 © Villbo Group Limited.