Cyber Crisis Simulator: ransomware cripples major energy supplier – live it and learn
Immersive Labs’ Cyber Crisis Simulator is an online solution that drops defenders and decision makers into real-time cyber crises. The system challenges teams to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, insider threats, data breaches, and spear-phishing attacks.
Cyber Crisis Simulator has launched and it’s a game changer – it had to be. Ransomware affected over half of all businesses last year, but despite the prevalence of such attacks, companies are still botching their response (except you of course, Norsk Hydro). This points to organizations relying on ineffective crisis response training or, worse, not preparing for crises at all.
The good news is that no matter where your business leaders are, they can now practice incident response using the Cyber Crisis Simulator, which develops crucial soft skills such as decision-making, situational awareness and communication. This kind of training used to require staff to meet physically for slow-moving tabletop exercises. Now, however, your team members only need an Internet browser to tackle “incidents” in tandem.
Our latest scenario, Ransomware: Left Out in the Cold, is the ideal starting point, handing players the reins of a fictional energy supplier struck by ransomware. The story begins with Energon having already paid a multimillion dollar ransom – a decision that contributed to the current, second attack, with Energon now perceived as a “soft target”.
Participants are dropped in at the deep end and must use their experience to guide the company to safer waters, which is no mean feat. The rich storyline twists and turns with every decision made, so whether your responders are crafting a plan, managing anxious staff or fending off the media, hurdles are abundant – just like in a real crisis.
Because there’s no simple solution to running this gauntlet, players must think critically before making a decision. If not, they will struggle to justify their choice, and shots in the dark will become apparent at the scenario's end. The tough challenges are designed to make players push forward when there is no clear path; nothing is simple in a crisis, and the best decision often amounts to the least-worst option. An example of this in the scenario is customer management: do you prioritize enterprise clients and protect your cash flow, or do you neglect profit in favor of heating retirement villages?
We built this scenario because we want to supply the most authentic content around. We also know that believable, relatable incidents will yield the best results – and threat actors continue to target sectors such as power. A survey of security professionals working in utilities, energy, health and transport found that 90% had suffered at least one attack, and this figure is likely to rise. In 2019, for example, India's Kudankulam Nuclear Power Plant was hacked using targeted malware, while more recently – and this inspired the scenario – Enel Group was struck by ransomware twice in a matter of months.
After completing the exercise and discussing their performance, business leaders can security pros to learn more about the ransomwares involved, EKANS and Netwalker, here on Immersive Labs. This means that within hours of completing the scenario and bolstering your organization’s human readiness, your technical teams can ensure they can recognize and mitigate such ransomware, making you as strong “left of boom” as you are post-impact.
If you’re ready to revolutionize your organization’s crisis response training, book a demo with one of our experts today.
6 January 2021
Latest Blog posts
Patch Newsday: 12 October 2021 – Spooky Spooler and Sinister Scores
13 October 2021
Building cyber resilience for the Financial Services sector with breadth and at scale
4 October 2021
OWASP Top 10 2021 has finally landed – here’s why you should care
27 September 2021
Financial Sector Insider Threat: Master Key Compromise
27 September 2021
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
15 September 2021
Analyzing the CVE-2021-40444 exploit
13 September 2021