December 3, 2020 by Lauren Bellero

4 Cyber Incident Scenarios You Should Exercise and Test



Topics: Cybersecurity

When it comes to evaluating technology in preparation for a potential disaster or cybersecurity incident, IT and security departments typically conduct multiple tests, playing out different scenarios to see how applications, systems, devices and interfaces will respond in the event of an outage or attack. In business continuity, emergency management or disaster recovery planning tests, weaknesses in backup processes and failover procedures are often spotlighted when systems go offline and critical data is unavailable.

But what about testing your people? For example, how would your IT or security team respond to a ransomware attack, or to a strategic distributed denial of service (DDoS) attack, especially during the COVID-19 pandemic when many employees are working remotely?

In this blog, we’ll discuss four different scenarios you can use to make sure your team is ready for any cyber incident. 

Preparing Your Security Team

The reality is that security team preparedness – or lack of it – is often more of a problem than technology. Operational exercises are an ideal way to prepare your people for real-world attack scenarios and introduce controlled risks through live play.

Conducting hands-on cyber exercises can improve your incident response plans by:

  • Clearly identifying roles and responsibilities;
  • Clarifying decision-making responsibilities;
  • Ensuring a strong understanding of protocols and requirements; and
  • Building the capacity to successfully respond to and recover from a significant cyber event.

Training Your Security Team

Here are four scenarios you should train for and be ready to respond to in the event of a cybersecurity incident:

  1. Phishing Attacks: Phishing emails and business email compromise (BEC) overall have become more frequent, especially as ransomware attacks have been on the rise. Ransomware now accounts for 27 percent of malware incidents, and 18 percent of organizations blocked at least one piece of ransomware in 2019, according to a recent report. Educating employees to practice due diligence is the first step, and conducting faux phishing exercises can be a valuable teaching tool.
  2. Malicious Attachments and Malware: It’s just as important for your security team to know when malicious attachments and malware, especially ransomware, make their way onto the network as it is for employees to avoid opening them. If malicious attachments make it through your filters and into your employees’ inboxes, or if employees visit websites infected with ransomware, you need a plan in place – one that has been practiced – to be able to respond quickly and limit the damage.
  3. Password Requests and Other Suspicious Demands: Cyber criminals often use social engineering techniques to get access to systems and information. They can pose as employees, contractors or third-party vendors to bait employees into divulging sensitive passwords and other access controls. Your security personnel should be trained on how to respond. You can test your incident response teams and employees by running exercises to simulate password requests from familiar sources such as the help desk or even executives, who are often spoofed.
  4. Unauthorized Users and Devices on Network and Cloud: Computers and devices that haven’t gone through proper authentication processes before joining your corporate network are perfect targets for attackers. Can your response teams not only identify attempts to connect to your network but block them? Have you tested how quickly they can do this? If you’re using cloud applications and infrastructure, are you monitoring access to environments like Amazon Web Services (AWS), Microsoft Azure, and Google or Office 365? Even if your organization is “just experimenting” with cloud platforms and services, you can be at risk for breaches and misuse if they’re not properly configured for optimal security, or if someone with authorized access sets up rogue accounts or operations on them.


These are just a few of the scenarios you can use to test your incident response team’s readiness for a cyber incident. Practicing them on a regular basis can help your team be better prepared and identify any weaknesses before you’re in the midst of a crisis, saving you time and money and giving you peace of mind.

Do you need expert assistance with incident response planning or conducting cybersecurity exercises? 
