LOSSES, disruptions and damages due to cyber attacks have become a major risk to governments and businesses alike. Such risks get amplified significantly during times of conflict or instability and Russia’s invasion of Ukraine is a case in point. Should the worst occur, cyber incident response plans can help mobilize resources, contain the attack, mitigate damages and expedite recovery.
But having a plan on paper is never enough; it’s not a substitute for actual practice. Cyber drills need to be carried out repeatedly, tested thoroughly, and optimized for the real world. Like fire drills at school, when the bell goes off, everyone should know their place.
Cyber incident response capabilities
Listed below are some important considerations for organizations to consider when evaluating cyber incident response capabilities:
1. Be clear with objectives
Before diving into the specifics of the process itself, organizations must ensure they are clear on the objectives and the success criteria of the test. The entire exercise must ideally yield two important results: one, a clear understanding of whether the plan is likely to succeed (or not);
Two, it must help identify a list of critical gaps that must be addressed immediately. Additionally, organizations must aim to test different aspects of the response plan, such as a newly acquired business, a particular system or infrastructure, or specific attack scenarios such as ransomware.
2. Pick an exercise that matches the desired objectives
Businesses must take into account real-world logistical and operational constraints when selecting an exercise to test the objectives that have been laid out. Options include:
Table top exercises (e.g., calling people listed in the plan to ensure their phone numbers work);
Phishing simulations (launching phishing attacks on employees to test if they recognize and report them); password and other suspicious requests;
Red/blue/purple teaming exercises (simulated cyber attacks to test whether systems can be broken in and whether defences are working as expected);
War games (to test defences and cyber readiness of the organization);
Parallel tests (testing recovering systems to see if they are operational and are able to support key processes);
and cutover tests (disconnecting primary systems and checking whether secondary systems are working as expected).
3. Choose your exercise target wisely
It’s important that organizations identify the right combination of targets to build an exercise that helps meet desired objectives. Targets can include specific business applications, physical assets such as servers and workstations, virtual and cloud infrastructure, remote business locations and employees. It might also make sense to include supply chain partners as part of the testing exercise.
For example, simulating an attack on a managed service provider. Some simulations can also be designed to target the C-suite, since executive teams are critical to any crisis response.
4. Develop cyber incident scenarios that are challenging but achievable
Exercises are always a great way for businesses to test their cyber incident response abilities and gauge the cybersecurity readiness of their employees. Exercises should be challenging but achievable at the same time; the idea is not to discourage or demoralize employees but to engage and excite them about developing a strong security culture and ensuring they are well-equipped to handle cyber incidents.
Consider providing participants with scenarios tied to real-world events like ransomware to make exercises seem more realistic and urgent. If possible, distribute guidance to participants ahead of the exercise so that they feel adequately prepared.
Try to be as transparent as possible; make clear who will be taking part, how will the feedback be captured and what kind of metrics will be reported. Add complexity to the exercise by focusing on a specific system, process or individual components of the cyber kill chain. One can even test extreme attack scenarios like “black swan” attacks – incidents that can occur suddenly, with unexpected, widespread ramifications.
5. Ensure to involve all the right parties
It’s important to select the right mix of resources from both business and technical backgrounds so they can help deliver incident response exercises using a wide range of use-cases and expertise. Businesses should include third parties such as forensic and legal experts as well as supply chain partners and customers.
The idea is to select an audience that allows you to meet your desired objectives. Securing buy-in from senior management teams is also advisable as this will greatly impact how participants perceive and participate in the exercise.
6. Be open and learn together
Encourage participants to remain open-minded and not to over-analyze the given situation. Encourage honesty and critical thinking, give all participants the opportunity to contribute. Record all major observations and recommendations from participants, including things that may not have worked as expected.
Conduct post-exercise feedback promptly and commit to addressing issues identified during the exercise via streamlined and well-defined action plans. Capture feedback on how future exercises can be improved; ensure recommended changes are implemented ahead of your next exercise.
In times of conflict or instability, cyber incident testing exercises should be put to action as this can help identify gaps in the most seemingly robust incident response plan. Incident management plans must be thought of as a living document that needs continuous reviewing and updating as the threat landscape evolves.
After all, true cyber resilience can only be achieved if the organization is truly capable of detecting, responding and recovering from a genuine, real-world cyber incident.
World Economic Forum
Sat Jun 25 2022
Should the worst occur, cyber incident response plans can help mobilise resources, contain the attack, mitigate damages and expedite recovery. - Freepik
Kelantan urges caution amidst northeast monsoon rains
Kelantan has reminded the public in the state to refrain from outdoor activities with the arrival of the Northeast Monsoon season.
Former New Zealand PM Jacinda Ardern receives UN leadership award
Former New Zealand prime minister Jacinda Ardern was given a global leadership award by the United Nations Foundation.
ICC'S arrest warrants for Netanyahu, Gallant an apt decision - PM
The decision of the ICC to issue arrest warrants against Benjamin Netanyahu and Yoav Gallant is apt, said Datuk Seri Anwar Ibrahim.
KTMB provides two additional ETS trains for Christmas, school holidays
KTMB will provide two additional ETS trains for the KL Sentral-Padang Besar route and return trips in conjunction with the holidays.
BNM'S international reserves rise to USD118 bil as at Nov 15, 2024
Malaysia's international reserves rose to US$118.0 billion as at Nov 15, 2024, up from US$117.6 billion on Oct 30, 2024.
Findings by dark energy researchers back Einstein's conception of gravity
The findings announced are part of a years-long study of the history of the cosmos focusing upon dark energy.
NRES responds to Rimbawatch press release on COP29
The Ministry of Natural Resources and Environmental Sustainability (NRES) wishes to offer the following clarifications to the issues raised.
Online Safety Bill and Anti-Cyberbullying Laws must carefully balance rights and protections
The Online Safety Advocacy Group (OSAG) stands united with people in Malaysia in the fight against serious online harms.
Malaysia's inflation at 1.9 pct in Oct 2024 - DOSM
Malaysia's inflation rate for October 2024 has increased to 1.9 per cent, up from 1.8 per cent in September this year.
Saudi Arabia showcases Vision 2030 goals at Airshow China 2024
For the first time, Saudi Arabia is participating in the China International Aviation & Aerospace Exhibition held recently in Zhuhai.
King Charles' coronation cost GBP 71mil, govt accounts show
The coronation of Britain's King Charles cost taxpayers GBP72 million (US$90 million), official accounts have revealed.
Couple and associate charged with trafficking 51.9 kg of meth
A married couple and a man were charged in the Magistrate's Court here today with trafficking 51.974 kilogrammes of Methamphetamine.
PDRM to consult AGC in completing Teoh Beng Hock investigation
The police may seek new testimony from existing witnesses for additional insights into the investigation of Teoh Beng Hock's death.
Thai court rejects petition over ex-PM Thaksin's political influence
Thailand's Constitutional Court rejects a petition seeking to stop Thaksin Shinawatra from interfering in the running the Pheu Thai party.
Abidin takes oath of office as Sungai Bakap assemblyman
The State Assemblyman for Sungai Bakap, Abidin Ismail, was sworn in today at the State Assembly building, Lebuh Light.
UPNM cadet officer charged with injuring junior, stomping on him with spike boots
A cadet officer at UPNM pleaded not guilty to a charge of injuring his junior by stomping on the victim's stomach with spike boots.
How Indian billionaire Gautam Adani's alleged bribery scheme took off and unraveled
The indictment was unsealed on Nov. 20, prompting a $27 billion plunge in Adani Group companies' market value.
Elon Musk blasts Australia's planned ban on social media for children
Several countries have already vowed to curb social media use by children through legislation, but Australia's policy could become one of the most stringent.
Trump picks Pam Bondi for US Attorney General after Gaetz withdraws
Bondi was the top law enforcement officer of the country's third most populous state from 2011 to 2019, and served on Trump's Opioid and Drug Abuse Commission during his first administration.
Ringgit extends uptrend against greenback in early trade
At 8 am, the local currency climbed to 4.4600/4700 against the greenback.