When it comes to evaluating technology in preparation for a potential disaster or cyber incident, IT and security departments typically conduct multiple tests, playing out different scenarios to see how applications, systems, devices, and interfaces will respond in the event of an outage or attack. In business continuity, emergency management, or disaster recovery planning tests, weaknesses in backup processes and failover procedures are spotlighted when systems go offline and critical data is unavailable.
But what about testing your people? For example, how would your IT or security team respond to a ransomware attack, or to a strategic DDoS assault? The reality is that security team preparedness – or lack of it – is often more of a problem than the technology.
As we recently discussed in a Q&A and webinar with Stephanie Ewing-Ottmers, our resident expert on cyber exercises and incident response planning, operational exercises are an ideal way to prepare your people for real-world attack scenarios. Operational exercises enable you to introduce controlled risks through live play.
Conducting hands-on cyber exercises can improve your incident response plans by clearly identifying roles and responsibilities, clarifying decision-making responsibilities, ensuring a strong understanding of protocols and requirements, and building the capacity to successfully respond to and recover from a significant cyber event.
Here are four scenarios you should train for and be ready to respond to in the event of a cyber security incident:
1. Phishing Emails – Phishing emails and business email compromise (BEC) have become more frequent, especially as ransomware attacks have been on the rise. According to a study conducted by Malwarebytes, 47 percent of U.S. companies experienced a ransomware attack in the last year, with 50 percent of those incidents resulting from someone clicking on a malicious link in an email. Educating employees to practice due diligence is a first step, and conducting faux phishing exercises can be a valuable teaching tool.
2. Malicious Attachments – It’s just as important for your security team to know when malicious attachments make their way onto the network as it is to avoid opening them. If malicious attachments make it through your filters and into your employees’ inboxes, you need a plan in place – one that has been practiced – to be able to respond quickly and limit the damage.
3. Password and Other Suspicious Requests – Cybercriminals can pose as employees, contractors, or third-party vendors to bait employees into divulging sensitive passwords and other access controls. Your security personnel should be trained on how to respond. You can test your incident response teams and employees by running exercises to simulate password requests from familiar sources such as the help desk or even executives, who are often spoofed.
4. Unauthorized Computers and Devices on Network – Computers and devices that haven’t gone through proper authentication processes before joining your corporate network are perfect targets for attackers. Can your response teams not only identify attempts to connect to your network, but block them? Have you tested how quickly they can do this?
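Scenario 4 asks whether a response team can even spot a device that joined the network without going through the proper authentication process. One concrete, practicable check is to compare the devices a DHCP server hands addresses to against an asset inventory. The following is an added example for that check, written here as an illustration; it is not code from the original post or from the author's organization. The DHCP log lines, the asset inventory, and the `DHCPACK` line format it parses are all constructed for the example (the format loosely follows ISC dhcpd's syslog output, but treat the regex as an assumption to adapt to your own server's logs).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample DHCP server log lines (not real data).
SAMPLE_DHCP_LOG = """\
Jan 12 09:01:10 dhcpd: DHCPACK on 10.0.5.21 to 3c:52:82:aa:bb:01 (laptop-finance-07) via eth1
Jan 12 09:01:44 dhcpd: DHCPACK on 10.0.5.22 to 3c:52:82:aa:bb:02 (laptop-hr-03) via eth1
Jan 12 09:02:30 dhcpd: DHCPACK on 10.0.5.23 to 3c:52:82:aa:bb:03 (kali-test-box) via eth1
Jan 12 09:03:02 dhcpd: DHCPACK on 10.0.5.60 to 00:1a:2b:3c:4d:5e (android-phone) via eth1
Jan 12 09:05:17 dhcpd: DHCPACK on 10.0.5.61 to 9c:8e:cd:11:22:33 via eth1
"""

# Constructed asset inventory: MAC address -> expected hostname.
KNOWN_ASSETS: Dict[str, str] = {
    "3c:52:82:aa:bb:01": "laptop-finance-07",
    "3c:52:82:aa:bb:02": "laptop-hr-03",
    "3c:52:82:aa:bb:03": "laptop-sales-11",
}

# Matches "DHCPACK on <ip> to <mac> (<hostname>)"; the hostname is optional
# because a client may not send one. Assumed format, adapt to your server.
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\S+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))?",
    re.IGNORECASE,
)


@dataclass
class Lease:
    ip: str
    mac: str
    hostname: Optional[str]


def parse_leases(log_text: str) -> List[Lease]:
    """Extract one Lease per DHCPACK line; other lines are ignored."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append(Lease(m["ip"], m["mac"].lower(), m["host"]))
    return leases


def find_suspicious_devices(
    leases: List[Lease], inventory: Dict[str, str]
) -> List[Tuple[Lease, str]]:
    """Return (lease, reason) for every lease that does not match the inventory.

    Two conditions are flagged: a MAC address not in the inventory at all, and
    a known MAC whose reported hostname differs from the inventory record
    (which is worth a second look, since it may mean a reused address).
    """
    findings = []
    for lease in leases:
        expected = inventory.get(lease.mac)
        if expected is None:
            findings.append((lease, "unknown MAC address"))
        elif lease.hostname != expected:
            findings.append(
                (lease, f"hostname mismatch: got {lease.hostname!r}, expected {expected!r}")
            )
    return findings


def main() -> None:
    leases = parse_leases(SAMPLE_DHCP_LOG)
    for lease, reason in find_suspicious_devices(leases, KNOWN_ASSETS):
        print(f"ALERT {lease.ip} {lease.mac} host={lease.hostname}: {reason}")


if __name__ == "__main__":
    main()
```

In an exercise, a team would feed the real DHCP log (or a switch's MAC address table) through a check like this and time how long it takes from the unknown lease appearing to the port being blocked, which is exactly the "how quickly" question the scenario poses. The inventory comparison is a tripwire, not authentication: a device that copies a known MAC address will pass it, which is why the scenario pairs detection with a proper authentication process rather than replacing it.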
These are just a few of the scenarios you can use to test your incident response team’s readiness for a cyber incident. Practicing these on a regular basis can help your team be better prepared and identify any weaknesses before you’re in the midst of a crisis, saving you time, money, and peace of mind.