LOSSES, disruptions and damages due to cyber attacks have become a major risk to governments and businesses alike. Such risks get amplified significantly during times of conflict or instability and Russia’s invasion of Ukraine is a case in point. Should the worst occur, cyber incident response plans can help mobilize resources, contain the attack, mitigate damages and expedite recovery.
But having a plan on paper is never enough; it’s not a substitute for actual practice. Cyber drills need to be carried out repeatedly, tested thoroughly, and optimized for the real world. Like fire drills at school, when the bell goes off, everyone should know their place.
Cyber incident response capabilities
Listed below are some important considerations for organizations to consider when evaluating cyber incident response capabilities:
1. Be clear with objectives
Before diving into the specifics of the process itself, organizations must ensure they are clear on the objectives and the success criteria of the test. The entire exercise must ideally yield two important results: one, a clear understanding of whether the plan is likely to succeed (or not);
Two, it must help identify a list of critical gaps that must be addressed immediately. Additionally, organizations must aim to test different aspects of the response plan, such as a newly acquired business, a particular system or infrastructure, or specific attack scenarios such as ransomware.
2. Pick an exercise that matches the desired objectives
Businesses must take into account real-world logistical and operational constraints when selecting an exercise to test the objectives that have been laid out. Options include:
Table top exercises (e.g., calling people listed in the plan to ensure their phone numbers work);
Phishing simulations (launching phishing attacks on employees to test if they recognize and report them); password and other suspicious requests;
Red/blue/purple teaming exercises (simulated cyber attacks to test whether systems can be broken in and whether defences are working as expected);
War games (to test defences and cyber readiness of the organization);
Parallel tests (testing recovering systems to see if they are operational and are able to support key processes);
and cutover tests (disconnecting primary systems and checking whether secondary systems are working as expected).
3. Choose your exercise target wisely
It’s important that organizations identify the right combination of targets to build an exercise that helps meet desired objectives. Targets can include specific business applications, physical assets such as servers and workstations, virtual and cloud infrastructure, remote business locations and employees. It might also make sense to include supply chain partners as part of the testing exercise.
For example, simulating an attack on a managed service provider. Some simulations can also be designed to target the C-suite, since executive teams are critical to any crisis response.
4. Develop cyber incident scenarios that are challenging but achievable
Exercises are always a great way for businesses to test their cyber incident response abilities and gauge the cybersecurity readiness of their employees. Exercises should be challenging but achievable at the same time; the idea is not to discourage or demoralize employees but to engage and excite them about developing a strong security culture and ensuring they are well-equipped to handle cyber incidents.
Consider providing participants with scenarios tied to real-world events like ransomware to make exercises seem more realistic and urgent. If possible, distribute guidance to participants ahead of the exercise so that they feel adequately prepared.
Try to be as transparent as possible; make clear who will be taking part, how will the feedback be captured and what kind of metrics will be reported. Add complexity to the exercise by focusing on a specific system, process or individual components of the cyber kill chain. One can even test extreme attack scenarios like “black swan” attacks – incidents that can occur suddenly, with unexpected, widespread ramifications.
5. Ensure to involve all the right parties
It’s important to select the right mix of resources from both business and technical backgrounds so they can help deliver incident response exercises using a wide range of use-cases and expertise. Businesses should include third parties such as forensic and legal experts as well as supply chain partners and customers.
The idea is to select an audience that allows you to meet your desired objectives. Securing buy-in from senior management teams is also advisable as this will greatly impact how participants perceive and participate in the exercise.
6. Be open and learn together
Encourage participants to remain open-minded and not to over-analyze the given situation. Encourage honesty and critical thinking, give all participants the opportunity to contribute. Record all major observations and recommendations from participants, including things that may not have worked as expected.
Conduct post-exercise feedback promptly and commit to addressing issues identified during the exercise via streamlined and well-defined action plans. Capture feedback on how future exercises can be improved; ensure recommended changes are implemented ahead of your next exercise.
In times of conflict or instability, cyber incident testing exercises should be put to action as this can help identify gaps in the most seemingly robust incident response plan. Incident management plans must be thought of as a living document that needs continuous reviewing and updating as the threat landscape evolves.
After all, true cyber resilience can only be achieved if the organization is truly capable of detecting, responding and recovering from a genuine, real-world cyber incident.
World Economic Forum
Sat Jun 25 2022
Should the worst occur, cyber incident response plans can help mobilise resources, contain the attack, mitigate damages and expedite recovery. - Freepik
Michael Olise dedah faktor tolak Man United, Chelsea sebelum sertai Bayern
Bayern mengesahkan pembelian Olise bernilai GBP52 juta dari Crystal Palace dengan perjanjian lima tahun pada Ahad.
Pemimpin sayap kiri Perancis gesa Macron panggil NFP bentuk kerajaan
Melenchon menggesa Perdana Menteri untuk meletakkan jawatan dan Macron harus memanggil NFP untuk membentuk kerajaan baharu.
Insan mulia Mansor Puteh derma darah 631 sepanjang hayatnya - Menteri Kesihatan
Pusat Darah Negara Kementerian Kesihatan Malaysia (KKM) merakamkan takziah ke atas pemergian Mansor.
Gempa bumi 6 skala Richter landa Kepulauan Bonin, Jepun
Satu gempa bumi kuat berukuran enam pada skala Richter dikesan berlaku di Kepulauan Bonin, Jepun pada 4.01 pagi tadi.
Paris 2024: Ariana Nur Dania 'bidik' pengalaman atau podium?
Ariana Nur Dania akan menjalani latihan pecutan akhir di Korea Selatan ditemani dua rakan lain, Nurul Azreena dan Syaqiera.
WEF #AMNC24: Memperkukuh ekosistem syarikat pemula Asia Tenggara
Ketua ESG & Ekonomi Sirkular, Gobi Partners, Carlo Chen-Delantar mengupas cabaran semasa, unjuran masa depan serta usaha menambah baik ekosistem syarikat pemula di Asia Tenggara.
AWANI Ringkas: Korban konflik Israel-Palestin terus meningkat
Ikuti rangkuman berita utama yang menjadi tumpuan sepanjang hari di Astro AWANI menerusi AWANI Ringkas.
Prospek dan cabaran ekonomi Malaysia separuh kedua 2024
Kerajaan optimis Keluaran Dalam Negara Kasar (KDNK) Malaysia berada pada kedudukan yang baik dan akan berkembang pada kadar unjuran rasmi antara 4.0 peratus dengan 5.0 peratus bagi 2024, didorong pertumbuhan suku pertama yang lebih tinggi daripada jangkaan. Apakah faktor-faktor yang menyumbang kepada prestasi ekonomi Malaysia dalam tempoh enam bulan lalu dan apakah yang akan menjadi perhatian di kalangan pelabur untuk prestasi separuh tahun kedua 2024?
Prestasi FBMKLCI: Unjuran enam bulan akan datang
Setakat 31 Mei 2024, Indeks Komposit FBMKLCI ditutup pada 1,596.68 mata, mencatatkan peningkatan kukuh sebanyak 1.3% dari bulan ke bulan. Ini merupakan kenaikan mengagumkan sebanyak 9.3% dari awal tahun. Indeks ini menunjukkan prestasi yang kuat dengan mencapai tahap signifikan 1,600
mata pada pertengahan bulan, menonjolkan ketahanan dan potensi pertumbuhannya. Adakah indeks ini akan meneruskan momentum ini dalam tempoh enam bulan akan datang?
mata pada pertengahan bulan, menonjolkan ketahanan dan potensi pertumbuhannya. Adakah indeks ini akan meneruskan momentum ini dalam tempoh enam bulan akan datang?
30 remaja Korea Utara dihukum mati, penjara kerana tonton K-drama
50 sehingga 60 remaja berusia sekitar 17 tahun di Korea Utara diketahui menonton drama Korea Selatan.