cyber incident scenario

4 Cyber Incident Scenarios You Should Exercise and Test

When it comes to evaluating technology in preparation for a potential disaster or cyber security incident, IT and security departments typically conduct multiple tests, playing out different scenarios to see how applications, systems, devices, and interfaces will respond in the event of an outage or attack. In business continuity, emergency management, or disaster recovery planning tests, weaknesses in backup processes and failover procedures are often spotlighted when systems go offline, and critical data is unavailable.

But what about testing your people? For example, how would your IT or security team respond to a ransomware attack, or to a strategic distributed denial of service (DDoS) attack, especially during the COVID-19 pandemic when many of your employees are likely working remotely?

In this blog, we’ll discuss four different scenarios you can use to train your employees.

Preparing Your Security Team

The reality is that security team preparedness – or lack of it – is often more of a problem than technology. Operational exercises are an ideal way to prepare your people for real-world attack scenarios and introduce controlled risks through live play.

Conducting hands-on cyber exercises can improve your incident response plans by:

  • Clearly identifying roles and responsibilities;
  • Clarifying decision-making responsibilities;
  • Ensuring a strong understanding of protocols and requirements; and
  • Building the capacity to successfully respond to and recover from a significant cyber event.

Four Cyber Incident Scenarios Your Team Should Train For

Here are four scenarios you should train for and be ready to respond to in the event of a cyber security incident:

  1. Phishing Attacks

The frequency of phishing emails and overall business email compromise (BEC) have gained momentum, especially as ransomware attacks have been on the rise. Ransomware now accounts for 27 percent of malware incidents, and 18 percent of organizations blocked at least one piece of ransomware in 2019, according to the Verizon Data Breach Report. Educating employees to practice due diligence is a first step and conducting faux phishing exercises can be a valuable teaching tool.

  1. Malicious Attachments and Malware

It’s just as important for your security team to know when malicious attachments and malware make their way onto the network as it is to avoid opening them. If malicious attachments make it through your filters and into your employee’s in-boxes, or they visit malware infected websites, you need a plan in place – one that has been practiced – to be able to respond quickly and limit the damage.

  1. Password Requests and Other Suspicious Demands

Cyber criminals can pose as employees, contractors, or third-party vendors to bait employees into divulging sensitive passwords and other access controls. Your security personnel should be trained on how to respond. You can test your incident response teams and employees by running exercises to simulate password requests from familiar sources such as the help desk or even executives, who are often spoofed.

  1. Unauthorized Users and Devices on Network and Cloud 

Computers and devices that haven’t gone through proper authentication processes before joining your corporate network are perfect targets for attackers. Can your response teams not only identify attempts to connect to your network, but block them? Have you tested how quickly they can do this? If you’re using cloud applications and infrastructure, are you monitoring access to environments like Amazon Web Services (AWS), Microsoft Azure, and Google, or to MS Office 365? Even if your organization is “just experimenting” with cloud platforms and services, you can be at risk for breaches and misuse if they’re not properly configured for optimal security, or if someone with authorized access sets up rogue accounts or operations on them.


These are just a few of the cyber incident scenarios you can use to test your incident response team’s readiness for a cyber incident. Practicing these on a regular basis can help your team be better prepared and identify any weaknesses before you’re in the midst of a crisis, saving you time, money, and peace of mind.

Do you need expert assistance with incident response planning or conducting cyber security exercises? Contact us here.