Cyber security attacks against public and private information technology and networks are escalating in occurrence and complexity.
Those intent on causing harm never cease in developing new ways to attack information systems, driving a constant need to improve skills, policies and tools dedicated to cyber security.
A cyber security exercise is a hands-on training event to test how an organization detects and responds to information security threats in real time. These threats include unauthorized disclosure, transfer and accidental or intentional modification or destruction of information, including security breaches, stolen information and inability to provide Internet services during an extended systems outage.
“Organizations need to continually prepare for the worst, and to do that they should test the validity of their plan,” said Jim Grogan, vice president, consulting product marketing at SunGard Availability Services. “Cyber security incident management exercises are validation initiatives to determine cyber attack training effectiveness and identify any gaps in your cyber security program.”
In conducting cyber security exercises, organizations should focus on achieving five important objectives:
1. Test cyber security policy adherence. Thorough and regular testing of cyber security plans is essential to verify your plan’s clarity, practicality and ability to achieve desired results. While organizations need firewalls, anti-virus software and other technical tools, having security policies that monitor and report on intrusions and other suspicious activities is equally important. And it is critical to develop and maintain a well-trained response team that can use the tools, and help ensure full employee training and understanding of the policies.
2. Establish working relationships. A crisis should not be the first time that the people involved in incident response work together. Cyber security exercises need to bring together people from business and IT operations to generate an understanding of roles and responsibilities – covering each individual’s role and also building knowledge of co-workers’ roles so everyone can function as a team.
3. Elevate awareness of forensics. A typical user response to a problem at a desktop computer is to “reboot” the computer. During a cyber attack, this seemingly harmless action may overwrite valuable forensic evidence that is crucial to identify and prosecute the source of the attack. Exercises should include education sessions on how law enforcement organizations and other forensic investigation firms conduct computer forensic investigations and a walk-through on steps all participants should take to minimize incidents of data loss.
4. Improve senior executive understanding of complexities of cyber security threats. A cyber security attack can be a brand risk – and that demands the attention of senior management. Communication is one of the most common reasons organizations fail to respond effectively to an incident. The exercise should test the chain of communications for how internal and external crisis communications messages are developed and articulated. It also provides the opportunity to validate and adjust information security programs that are part of corporate and government regulatory compliance initiatives.
5. Gain greater organizational credibility. Cyber attacks have the potential to be disruptive beyond internal operations. Organizations regularly conducting cyber security exercises increase their standing with other companies and customers by demonstrating a commitment to being a reliable business partner and vendor. External parties should be included in the exercise as appropriate.
“A cyber security simulation is the closest thing to an actual incident – from the unexpected twists and turns in the event to the unanticipated action of a colleague. It is a great way to determine how prepared or unprepared your organization is to respond to a cyber threat,” said Chris Burgher, associate principal, information security practice at SunGard Availability Services.