Every part of our lives has changed this year – and the repercussions are here to stay. When it comes to working, for example, a recent study showed that 83% of C-level executives and IT professionals expect to continue with remote work policies even when pandemic restrictions are lifted. This shift has caused many leaders, especially CISOs, to re-evaluate their approach to protecting their organization, including the ways cyber crisis training is conducted.
Today’s cyber crisis must not be overlooked
The new threats facing organizations today are serious and cannot be bucketed with the attack techniques and responses of the past. The need for a modern alternative to outdated, irregular table-top exercises has existed for a while; the pandemic has only served to make it more urgent.
The move to a distributed workforce coupled with the rise of modern cyber threats has resulted in greater consequences for inadequate crisis response training. Large organizations are disproportionately affected: according to IBM’s report on the matter, the cost of a breach is amplified by what is alarmingly dubbed ‘mega breaches’. In fact, breaches of one million to 10 million records cost more than 25 times the average. This increase in impact is magnified by a trend towards destructive attacks with the power to grind operations to a halt. With customer turnover, lost revenue, brand damage and system downtime accounting for 40% of average total impact from a breach, cyber crisis response plans must be treated as a higher priority. We have even seen the impact of cyber crises on people’s health, with US hospitals facing ransomware attacks that threatened to hobble their data and software – and ultimately put people’s lives at risk.
Training the whole organization, not just security teams
CISOs need to take a holistic approach when preparing their organizations for a real cyber crisis. By looking beyond, the security team and training different departments, organizations can establish a unified response to a breach. Viewing crisis response as a strategic business issue – not just a technical one – allows for better information sharing across legal, communications and finance teams, which ensures that all stakeholders understand the business impact of a breach in monetary terms.
A recent analysis of 400 CISOs by Osterman Research showed that table-topping was failing, with 40% admitting they have little confidence in responding teams. The fact that just over half (53%) had taken the step of setting up a regular IR group compounded this. And where tabletop exercising was taking place, more often than not it excluded communications teams (80%) and customer teams (87%). In a modern cyber crisis response, which is an all-consuming brand and customer issue, this leaves significant gaps.
Timeliness and regularity are key
Ensuring that crisis response training is timely and mirrors the current threat landscape are the only ways to guarantee your organization will be prepared when a real crisis hits. The regularity of exercising crisis response is another critical element to skilling up your organization. Yearly tabletop cyber crisis simulations are leaving over a third of organizations opened up to vulnerabilities. Considering the frequency of new threats, it’s clear a change is needed. For example, if an organization’s last crisis response exercises were conducted in November 2019, they would now find themselves way behind the curve when it comes to the lessons, they could have learned from the litany of cybersecurity incidents that have occurred thus far in 2020. That includes the Garmin ransomware attack, the Travelex hack and the Sopra Steria attack to name just a few. Keeping up with attackers is vital to ensuring your organization is safe, secure and ready for the worst.
Introducing the security of the future: micro-drilling
We’ve seen that traditional tabletop exercising is woefully inadequate for today’s threat landscape. Luckily, there is an alternative: micro-drilling. Designed for the contemporary security environment, micro-drilling enables the kind of continual reinforcement of incident response skills which, when run with a broad range of teams, builds collective muscle memory. This compounds learnings and, over time, adaptable skills develop rather than wane.
Through real-time insights into modern cyberattacks, teams can remain nimble and mitigate the immense stress placed on them while keeping their organization’s information safe. Nearly 60% of security leaders think the best way to prepare for a crisis incident is to buy more technology, and more are interested in covering themselves legally (38%) than running effective tabletop exercises and fire drills to train their teams (32%). It’s time to leave this way of thinking in the past and instead focus on the humans behind the technology who are keeping the organization safe. Ultimately, it’s their decision-making in the face of a crisis that will be the difference between disaster and defense.