The daring feats Matt Damon, Tom Cruise and their teams pull off in movies like “Ocean's 11” or “Mission Impossible” are nail-biting and hugely enjoyable. And yet we must recognise the fact that the protagonists’ success is largely due to the meticulous planning they do.
Of course, there's always an unexpected surprise, but it’s the hours of planning and rehearsing that enable the team to improvise as the drama unfolds.
The same is true of those tasked with defence − in this case the IT security team of every organisation with a digital presence.
The digital world has been the source of many advantages for business and society, but it has also spawned a huge and growing army of cyber criminals intent on penetrating IT systems to access sensitive information, or simply to extract ransom payments. Most cyber security experts agree that a successful cyber attack is now a question of when, rather than if.
The latest IBM Breach Report indicates that over 80% of organisations experienced more than one data breach in 2023, while the Verizon Business 2024 Data Breach Investigations Report states ransomware attacks surged by 13%.
The quality of response
Just as meticulous planning and rehearsing are the keys to a successful mission impossible, the same is true of a successful response to an attack. As a recent article in Harvard Business Review notes, the effectiveness of a response to a cyber attack reduces the impact of data breaches.
The long and short of it: businesses that have a good security posture can recover their stock prices within seven days, while those with poor security postures can take an average of 90 days to recover − if at all.
Obviously, a key part of a good security posture is an effective incident response plan. And, as another article in the Harvard Business Review argues, the only way to determine whether the incident response plan works, and whether each team member knows their role, is to test it.
That's where simulations come in. Cyber security incident response simulations are structured exercises carefully designed to mimic real-world cyber threats and test an organisation's response capabilities.
Finally, confirmation that all those hours spent playing Warcraft had a deeper purpose!
A simulated attack-and-response exercise provides a realistic environment for testing just how well the response plan works ‘on the ground’. Such exercises should be done regularly and be carefully designed to mimic the cyber threats the organisation actually faces − this is a moving target, so the threat assessment needs to be continually updated.
Regular simulations enhance the skills and readiness of the incident response team. When a crisis breaks, the best plan will go for nothing if the team doesn't gel, if the individual actors don't know their lines and, above all, if the team is not confident.
If you're convinced and want to start running simulations, here are some points to think about:
- Design scenarios that reflect actual threats identified as relevant to the organisation. However enjoyable, a simulated attack by Martians isn't helpful. To begin, conduct a thorough risk assessment and base simulations on it − simulations must mimic real-world possibilities.
- Define what needs to be achieved from each simulation.
- Review the evaluation and feedback to identify strengths and weaknesses − and feed the conclusions back into the organisation.
- Be sure to include all relevant parts of the business, from IT to the executive leadership.
- Plan the next one − simulation testing is a continuous process, not an event.
Realise the benefits
A carefully designed simulation programme will yield multiple benefits, not the least of them being a response team that is more effective and agile, and better able to cope with the unexpected.
In addition, if the organisation is meticulous about evaluating the successes and failures of each simulation, the simulation programme will foster a culture of continuous improvement and vigilance − both essential in keeping the organisation in a state of perpetual readiness.
In so doing, the company will be able to identify and address vulnerabilities proactively and strengthen its overall security posture.