The psychology of cyber enhancing your cyber crisis response with micro-drilling

The impact of cyberattacks on large organizations is growing, and this is reflected in the data. IBM’s Cost of a Data Breach 2021 Report shows that the average total cost has increased by 10% in just the last five years, now standing at $4.24m.

This increase in impact is being magnified by a trend towards destructive attacks which grind operations to a halt. With customer turnover, lost revenue, brand damage and system downtime accounting for 40% of average total impact from a breach, cyber crises are no longer a technical issue. They have become firmly fixed in the board’s crosshair.

To stem this tide, the top cost-mitigating factor is twofold. First, form an incident response team; second, continually test this response. According to IBM, the average cost of data breach for those who do this is 37% lower than those who do not. In hard money terms, a well-drilled incident response saves $2m on average.

Additional Resources

Take a Walk on the Darkside – A Pipeline Cyber Crisis Simulation

Take a Walk on the Darkside – A Pipeline Cyber Crisis Simulation

Blind Administration – A Supply Chain Compromise Crisis Sim

Traditional incident response: how we currently think 

With an ever-growing impact on organizations, and the data pointing towards the benefits of mobilizing more frequently trained Incident Response (IR) teams, is the industry achieving this?

Analysis of 400 CISOs by Osterman Research showed table-top exercising was failing, with 40% admitting they have little confidence in responding teams. This was compounded by the fact that just over half (53%) had taken the step of setting up a regular IR group. In addition, where tabletop exercising was taking place, it was found to be neglecting communications teams (80%) and customer teams (87%). In a modern cyber crisis, which is an all-consuming brand and customer issue, this leaves significant gaps.

Most importantly, the data showed the most common cadence for tabletop exercising is annual. A not insignificant proportion of respondents (7%) even admitted they would only reinforce crisis response skills once every two years.

Micro-drilling: a contemporary approach to cyber crisis response 

Micro-drilling is the modern alternative to tabletop exercising. Designed for the contemporary security environment, it enables the kind of continual reinforcement of IR skills that builds collective muscle memory.

It does this by running narrative-led wargames akin to traditional cyber crisis response simulations, but in far shorter, more frequent bursts and through a browser. Organizing a micro-drill for a team is more like setting up a Zoom call, so it is simpler and more cost effective to run a far higher frequency of crisis simulations. In doing so, micro-drills address the traditional problem with skills decay by repeatedly feeding more knowledge, skills, and information into the learning cycle. This compounds learnings and, over time, skills develop rather than wane.

With full data capture on every step taken throughout the simulated crisis, they also provide a valuable feedback loop from which to learn and refine performance, whether individually or as a whole team. Having instant feedback on how each decision affects factors like share price, risk levels and reputation, teams develop greater self-awareness of the impact of their choices, learning as they go.

The psychology supporting micro-drills

Rebecca McKeown is an independent Chartered Psychologist and current Director of Human Sciences at Immersive Labs.

“The problem with learning new skills is that they quickly fade if we don’t use them often. We become less adept and our competence degrades quickly, so frequency of training is incredibly important, particularly with problem solving and decision-making. Maintaining competence in these skills requires regular refresher exercises – once every two months as an absolute minimum.

“Each time we learn something new we progress and become more skilled, more knowledgeable, and more experienced. This helps us develop a depth of understanding that makes us better able to solve problems and work quickly and efficiently – all of which are critical to effectively handling any difficult situation.”

Building mental agility

“In a cyber crisis, everything changes. Crisis responders must flex to the uncertain, complex and volatile nature of the incident – and they must use enhanced ways of thinking to achieve this.

“This is called cognitive agility. It is the ability to be flexible and open to seeking alternatives to the usual way of doing things. To become proficient at cognitive agility requires a skill called metacognition – put simply, it is the skill of ‘thinking about thinking’.”

Its underlying principle is rooted in a continual cycle of planning, monitoring, evaluating, and reflecting on experiences. People become aware of their own strengths and weaknesses and how these should be developed.

“Without metacognitive skills, cyber crisis responders not only produce suboptimal solutions but also lack the self-awareness to know these solutions are flawed. This is called the Dunning-Kruger effect. The impact of this can be significant, as it can lead to flawed solutions becoming embedded in future incident response plans, creating long term problems with the effectiveness of cyber defence.

“Expert cyber responders are those who use this to think through potential scenarios, making connections with previous experiences through pattern recognition and working out alternatives.  All these techniques help develop an understanding of cause and effect which will improve problem solving and decision making in the uncertain, complex, and volatile world of a cyber crisis event.”

Power up your cyber crisis response

Having a team of skilled problem solvers for a range of technical, reputational, legal, customer and financial issues is crucial to the response that today’s cyber crises require. Immersive Labs’ Cyber Crisis Simulator has been created to develop capabilities, and the necessary cognitive agility, within these incident response teams.

Customizable crisis scenarios exercise technical and non-technical teams on emerging cyber crises, based on the latest threats. Dynamic storylines generate data points to identify strengths and weaknesses, and measure progress. Drop teams and individuals into a range of browser-based crisis scenarios that deliver instant feedback on the decisions – allowing your organization to:

  • Increase the frequency of exercising, while removing barriers
  • Refine roles and responses across your organization’s departments
  • Measure performance and signpost areas for developing skills
  • Choose the most appropriate set up from individual, presentation, and team drill modes
  • Deliver micro-drilling for response teams

If your organization is ready to begin stress-testing its crisis response capability across the board,book a Cyber Crisis Simulator demo using the button below