The psychology of cyber enhancing your cyber crisis response with micro-drilling

Traditional incident response: how we currently think 

With an ever-growing impact on organizations, and the data pointing towards the benefits of mobilizing more frequently trained Incident Response (IR) teams, is the industry achieving this?

Analysis of 400 CISOs by Osterman Research showed table-top exercising was failing, with 40% admitting they have little confidence in responding teams. This was compounded by the fact that just over half (53%) had taken the step of setting up a regular IR group. In addition, where tabletop exercising was taking place, it was found to be neglecting communications teams (80%) and customer teams (87%). In a modern cyber crisis, which is an all-consuming brand and customer issue, this leaves significant gaps.

Most importantly, the data showed the most common cadence for tabletop exercising is annual. A not insignificant proportion of respondents (7%) even admitted they would only reinforce crisis response skills once every two years.

Micro-drilling is the modern alternative to tabletop exercising. Designed for the contemporary security environment, it enables the kind of continual reinforcement of IR skills that builds collective muscle memory.

It does this by running narrative-led wargames akin to traditional cyber crisis response simulations, but in far shorter, more frequent bursts and through a browser. Organizing a micro-drill for a team is more like setting up a Zoom call, so it is simpler and more cost effective to run a far higher frequency of crisis simulations. In doing so, micro-drills address the traditional problem with skills decay by repeatedly feeding more knowledge, skills, and information into the learning cycle. This compounds learnings and, over time, skills develop rather than wane.

With full data capture on every step taken throughout the simulated crisis, they also provide a valuable feedback loop from which to learn and refine performance, whether individually or as a whole team. Having instant feedback on how each decision affects factors like share price, risk levels and reputation, teams develop greater self-awareness of the impact of their choices, learning as they go.

“The problem with learning new skills is that they quickly fade if we don’t use them often. We become less adept and our competence degrades quickly, so frequency of training is incredibly important, particularly with problem solving and decision-making. Maintaining competence in these skills requires regular refresher exercises – once every two months as an absolute minimum.

“Each time we learn something new we progress and become more skilled, more knowledgeable, and more experienced. This helps us develop a depth of understanding that makes us better able to solve problems and work quickly and efficiently – all of which are critical to effectively handling any difficult situation.”

Building mental agility

“In a cyber crisis, everything changes. Crisis responders must flex to the uncertain, complex and volatile nature of the incident – and they must use enhanced ways of thinking to achieve this.

“This is called cognitive agility. It is the ability to be flexible and open to seeking alternatives to the usual way of doing things. To become proficient at cognitive agility requires a skill called metacognition – put simply, it is the skill of ‘thinking about thinking’.”

Its underlying principle is rooted in a continual cycle of planning, monitoring, evaluating, and reflecting on experiences. People become aware of their own strengths and weaknesses and how these should be developed.

“Without metacognitive skills, cyber crisis responders not only produce suboptimal solutions but also lack the self-awareness to know these solutions are flawed. This is called the Dunning-Kruger effect. The impact of this can be significant, as it can lead to flawed solutions becoming embedded in future incident response plans, creating long term problems with the effectiveness of cyber defence.

“Expert cyber responders are those who use this to think through potential scenarios, making connections with previous experiences through pattern recognition and working out alternatives.  All these techniques help develop an understanding of cause and effect which will improve problem solving and decision making in the uncertain, complex, and volatile world of a cyber crisis event.”

Customizable crisis scenarios exercise technical and non-technical teams on emerging cyber crises, based on the latest threats. Dynamic storylines generate data points to identify strengths and weaknesses, and measure progress. Drop teams and individuals into a range of browser-based crisis scenarios that deliver instant feedback on the decisions – allowing your organization to: