Losses, disruptions and damages due to cyber attacks have become a major risk to governments and businesses alike. Such risks are amplified significantly during times of conflict or instability, and Russia’s invasion of Ukraine is a case in point. Should the worst occur, cyber incident response plans can help mobilize resources, contain the attack, mitigate damages and expedite recovery.
But having a plan on paper is never enough; it’s not a substitute for actual practice. Cyber drills need to be carried out repeatedly, tested thoroughly, and optimized for the real world. Like fire drills at school, when the bell goes off, everyone should know their place.
Cyber incident response capabilities
Listed below are some important considerations for organizations evaluating their cyber incident response capabilities:
1. Be clear with objectives
Before diving into the specifics of the process itself, organizations must ensure they are clear on the objectives and the success criteria of the test. The entire exercise must ideally yield two important results: one, a clear understanding of whether the plan is likely to succeed (or not); and two, a list of critical gaps that must be addressed immediately.
Additionally, organizations must aim to test different aspects of the response plan, such as a newly acquired business, a particular system or infrastructure, or specific attack scenarios such as ransomware.
2. Pick an exercise that matches the desired objectives
Businesses must take into account real-world logistical and operational constraints when selecting an exercise to test the objectives that have been laid out. Options include:
Tabletop exercises (e.g., calling people listed in the plan to ensure their phone numbers work);
Phishing simulations (launching phishing attacks on employees to test if they recognize and report them, as well as password and other suspicious requests);
Red/blue/purple teaming exercises (simulated cyber attacks to test whether systems can be broken into and whether defences are working as expected);
War games (to test defences and cyber readiness of the organization);
Parallel tests (testing recovery systems to see if they are operational and are able to support key processes);
Cutover tests (disconnecting primary systems and checking whether secondary systems are working as expected).
3. Choose your exercise target wisely
It’s important that organizations identify the right combination of targets to build an exercise that helps meet desired objectives. Targets can include specific business applications, physical assets such as servers and workstations, virtual and cloud infrastructure, remote business locations and employees. It might also make sense to include supply chain partners as part of the testing exercise, for example by simulating an attack on a managed service provider.
Some simulations can also be designed to target the C-suite, since executive teams are critical to any crisis response.
4. Develop cyber incident scenarios that are challenging but achievable
Exercises are always a great way for businesses to test their cyber incident response abilities and gauge the cybersecurity readiness of their employees. Exercises should be challenging but achievable at the same time; the idea is not to discourage or demoralize employees but to engage and excite them about developing a strong security culture and ensuring they are well-equipped to handle cyber incidents.
Consider providing participants with scenarios tied to real-world events like ransomware to make exercises seem more realistic and urgent. If possible, distribute guidance to participants ahead of the exercise so that they feel adequately prepared.
Try to be as transparent as possible; make clear who will be taking part, how the feedback will be captured and what kind of metrics will be reported. Add complexity to the exercise by focusing on a specific system, process or individual components of the cyber kill chain. One can even test extreme attack scenarios like “black swan” attacks – incidents that can occur suddenly, with unexpected, widespread ramifications.
5. Involve all the right parties
It’s important to select the right mix of resources from both business and technical backgrounds so they can help deliver incident response exercises using a wide range of use-cases and expertise. Businesses should include third parties such as forensic and legal experts as well as supply chain partners and customers.
The idea is to select an audience that allows you to meet your desired objectives. Securing buy-in from senior management teams is also advisable as this will greatly impact how participants perceive and participate in the exercise.
6. Be open and learn together
Encourage participants to remain open-minded and not to over-analyze the given situation. Encourage honesty and critical thinking, and give all participants the opportunity to contribute. Record all major observations and recommendations from participants, including things that may not have worked as expected.
Conduct post-exercise feedback promptly and commit to addressing issues identified during the exercise via streamlined and well-defined action plans. Capture feedback on how future exercises can be improved; ensure recommended changes are implemented ahead of your next exercise.
In times of conflict or instability, cyber incident testing exercises should be put into action, as this can help identify gaps in even the most seemingly robust incident response plan. Incident management plans must be thought of as living documents that need continuous reviewing and updating as the threat landscape evolves.
After all, true cyber resilience can only be achieved if the organization is truly capable of detecting, responding to and recovering from a genuine, real-world cyber incident.
World Economic Forum
Sat Jun 25 2022