Why your organization should also simulate a cyber crisis
Written by: Caleb Hill
Many people have never been in such a situation, but adequate preparation is an integral part of managing cyber risks. Proactive cyber exercises, such as cyber crisis simulations, are important for organizations facing modern threats. Organizations need to understand that the question is not whether they will be targeted, but when.
Anyone who has ever experienced a cyber crisis will agree: it is a stressful situation. There is a lot at stake. A day without IT facilities can cost tons of revenue. Not to mention image damage, the possible PR drama and the consequences for the legal department that has to deal with damage claims. No wonder that many organizations simply pay when it turns out that IT facilities have been "held hostage" by hackers. So a cyber crisis can have disastrous consequences. You want to be prepared for such a situation in order to limit the damage, and defending against the variety of tactics used by attackers requires a proactive approach.
How does such a simulation work?
Simulating a cyber crisis can be done on different levels. For example, you can easily start with a theoretical crisis in which employees are asked how they would deal with it. But it is also possible to do a full-force simulation that really works. In any case, it is important that the simulation matches the sector in which you are active and actually simulates and exposes potential dangers. For example, we once ran a simulation at a bank involving a total of 600 hours of preparation, execution and evaluation. A serious amount, but you can imagine that a cyber crisis in the banking sector has far-reaching consequences. So it's only logical that they want to be prepared for it.
The actual simulation is a role-playing game in which all those involved come together in a crisis team and go through a process that consists of three steps: the start, the resolution of the crisis and back to business. The aim of this is to help organizations measure their willingness to withstand an (advanced) attack. Consultants mimic modern attack techniques in an attempt to access an organization's network and obtain specific resources. The testing helps organizations to answer three questions: how would a targeted attack on your environment manifest itself? What could a targeted attacker do with access to your environment? How effective is your current security attitude in preventing, detecting and responding to a targeted attack? By means of so-called 'injects', events in a cyber crisis, those involved are tested. An example of an injection is a phone call from the Dutch police that Chinese hackers have infiltrated the network. The crisis team is then asked what they would do, or in more serious cases asked to actually take measures.
Reduce dwell time
In the event of a cyber crisis, it is important to act correctly as soon as possible. Everyone must be aware of his or her responsibilities and act accordingly as quickly as possible. In order to achieve this, tight playbooks are needed that must be kept up to date. Ultimately, it is important to have as little 'dwell-time' as possible in a crisis situation. Dwell-time stands for the period from the first moment a company is broken into until the moment it is discovered. In the period that hackers remain undiscovered, they explore the environment to see how they can make the attack as effective as possible. This increases the chance that the victim will pay the ransom. It is therefore important for organizations to discover an intruder as quickly as possible and take action.
Get your feet wet
The chance of a cyber crisis may seem small, but it is getting bigger and bigger. Especially for organizations where there are many risks, it is important to be prepared. And just as you only learn to swim in the water, you only learn to deal with a cyber crisis by experiencing it. So ask your cyber security partner to simulate a cyber crisis. It will give you insight into which things go wrong that you thought would go well and give you clues as to where there is still work to be done. And it does wonders for your peace of mind anyway.