Article by CRMG
You might not want to hear this, but as a small to medium-sized business, it’s a case of when you’ll be subject to a cyber attack, not if.
The volume of cyber incidents is at an all-time high, with attacks becoming increasingly complex and persistent. That’s why it’s mission-critical for organisations to ensure they are prepared and have the correct protections and processes in place to prevent an attack from getting through.
Of course, it’s all well and good to have preventative measures in place, but what happens if they fail? How do you know they will work when it counts? And what about your employees? Are they aware of the tools in place to resist an attack and the role they play in safeguarding the business?
And then what happens if the attack is successful? Containing and managing an attack is ultimately the key to limiting its impact and minimising disruption to the business. In short, organisations need to be able to make sure it’s business as usual.
This is where war gaming and disruption planning come in.
What is cyber security war gaming?
War gaming allows a business to test its ability to maintain operations in the event of a successful cyber attack. At CRMG, our war gaming exercise service is carried out over three stages.
Stage one: We review the existing business disruption arrangements, including where disruption to operations can be minimised, before undertaking the war game exercise.
Stage two: We launch the war game exercise, which sees a range of simulated attacks fired at the business over several hours.
Stage three: We assess the outcome of the exercise and then refine the business disruption plan to ensure it is effective.
Throughout the war gaming experience, management and staff are asked to react to different phases of the simulated attack which we customise to the business and the unique risks it faces – these change for each business depending on various factors.
What a war gaming exercise looks like:
Over the course of the war gaming exercise, the business is subject to a range of simulated attacks but here’s an example of a phishing email scenario.
1 – The phishing email is circulated to management and staff
2 – Staff members click on the link in the phishing email
3 – Network problems start to occur
4 – Online customer services start to go down
5 – Adverse customer reactions reported on social media
6 – Retail portal taken down to contain damage
7 – Phone call receive from hacker demanding ransom
Outcomes of a war gaming exercise:
War gaming allows you to understand the extent to which a cyber event could disrupt your business, exposing weaknesses in products and processes and gauging just how up-to-speed and trained staff are when it comes to cyber resilience.
At CRMG, we then take the findings from the war gaming exercise and use this to improve your disruption plan and to engage and educate management and staff to ensure they know exactly how to react in the event of a successful attack.
Management and staff can be the weak link in the chain:
It can often be the case that management and staff are an organisation’s greatest weakness when responding to a cyber attack correctly, especially when it comes to identifying the threat, orchestrating the team and responding in a structured and timely way.
Taking the war gaming exercise above, it was the employee’s decision to click the link in the phishing email that ultimately led to the attack getting through.
That’s why staff education and training are vital to an organisation’s overall resilience. Having the right products and processes in place is important, but they can be easily circumvented by employees simply opening the door for attackers to walk through.
War gaming is the most effective way of ascertaining whether management and staff know how to respond in the event of an attack. While the attack is simulated, it replicates what would happen in the real world, accurately identifying where gaps in pragmatic collateral that can help respond in a structured manner, as well as knowledge, exist.
Ultimately, war gaming and disruption planning are the only way to ensure ‘business as usual’ in the event of an attack.