Using Cyber War Games to Improve Incident Response

As teams work to shore up their incident response procedures, both sophisticated cyber war games and simple rehearsals will be essential tools for their security operations.  

When the financial services industry undertook a cyber attack simulation called Quantum Dawn in 2013, the exercise shined a spotlight on the importance of cyber war games in helping organizations improve incident response.

Quantum Dawn is an example of how complex cyber war games can be. But not all cyber attack simulations need be so involved. Even a simple rehearsal can help organizations identify gaps in their incident response processes, key decision makers (and blockers of key decisions), and other issues they need to address to properly prepare for a real-world incident. Simple rehearsals allow even small security teams to benefit from the concept of cyber war games.

A simple rehearsal might consist of a “paper drill,” where a security leader asks a threat analyst, for example, to create a “run book” documenting the steps the analyst would take to investigate a malware infection on the network. The run book outlines the processes and tools the analyst would use to investigate and remove the malware. It also identifies other individuals, such as systems administrators, who may be instrumental in helping to resolve the incident. Once the initial draft of the run book is complete, the rest of the response team walks through it to identify gaps and alternatives.

A complex rehearsal might consist of a full-scale, live exercise involving multiple functions across an organization, where a malware incident is simulated and the processes for investigating and remediating it are put to the test. This particular type of rehearsal is most effective when participants believe the incident is real and thus aren’t tempted to take shortcuts.

Whether you undertake a simple rehearsal or a complex simulation (or both), you’ll want to identify backup systems and processes for incident response, in the event primary systems and processes are unavailable. To help you identify where you may need backups, ask yourself:

• If I were not able to access this particular person/process/tool, to what extent would that impair incident response?

• Is there a suitable or partially suitable backup person/process/tool that could stand in for the primary?

Professionals in fields as diverse as sports and the performing arts use rehearsals to great benefit. I saw the value of rehearsals firsthand in the U.S. Army, during my officer training course, when I used simple visual tools to meticulously map out operations. Now, as a cybersecurity professional leading a team of threat researchers at RSA, my team and I use run books to investigate threats.

Many organizations have allocated the bulk of their cybersecurity budget toward traditional defensive technologies designed to prevent attacks. But with cyber attacks getting harder and harder to prevent, industry-leading CISOs now realize their incident response capability is just as important as traditional defensive tactics. As organizations across industries work to shore up their cyber incident response procedures, both sophisticated cyber war games and simple rehearsals will be essential tools for their security operations.
