Most organizations now expect to be hacked, so why is incident response being neglected?

Rarely a day passes without a major hack making headlines, whether it’s Russia targeting coronavirus vaccine research or malicious actors compromising Twitter. Organizations of every size are at risk, with attackers increasing in activity and ingenuity every year. It’s little wonder then that over 50% of businesses now expect to be hacked, understanding that it’s a matter of ‘when’ and not ‘if’.

But despite predicting the worst – a mindset that can be constructive when harnessed – many organizations don’t have an incident response plan, or they disregard the human element of cybersecurity by failing to stress-test their response teams. This is like living in a hurricane-prone area and not investing in any kind of defenses for your home. The outcome won’t be pretty.

If you’ve spoken to a red teamer, you’ll know they’re rarely caught when testing organizations, despite being noisier than most illegal hackers. Tom Van de Wiele, an experienced ethical hacker, said that if he’s caught it’s usually because he wants to be: “It’s really just to make sure that we can test the process, and it’s usually late in the test. So, in the last few days or the last week of the test, our attacks will become a lot noisier just to be able to see how they are reacting to it. But it’s usually already after we’ve obtained the objectives.” When you realize a hacker could be moving about your network unidentified, the need to prepare for the worst becomes clear.

In the real world, it’s not uncommon for organizations to discover they’ve been hacked via the news, and this will happen more now that coronavirus has exacerbated hacker activity. Attacks on banks have risen 238% since the pandemic struck, while a quarter of all attacks now target healthcare, an industry that takes 103 days to contain a breach on average – longer than any other. All the tech in the world won’t stop a determined threat group; just look at the Target breach of 2013, where 300 security staff and millions of dollars of kit couldn’t stop attackers roaming around the retailer’s network for several months.

These stats show that it’s vital for organizations to implement incident response plans and exercise their response teams regularly. You might not be able to thwart an attack, but you can certainly alleviate the damage done to your customers, bank account and reputation. Our research has shown, however, that a quarter of infosec leaders are unsure if their business even has an incident response plan – and having one is only half the battle. Cyber crises are unique scenarios requiring responders who’ve experienced similar events in the past, which makes getting executives to practice lifelike crisis scenarios essential.

The cost and effort of crisis response training has dissuaded organizations in the past, but you can now test human readiness without resource-intensive physical tabletop exercises. Immersive Labs’ Cyber Crisis Simulator is a browser-based solution that challenges teams to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, insider threats, data breaches and spear-phishing attacks. It works on the principle that simulations are the best way to equip your people – practical exercises that build muscle memory in preparation for the real thing. After all, cyberattacks don’t happen on paper; you need people who can replicate actual experiences to minimize damage quickly.

Our Cyber Crisis Simulator’s responsive scenarios create rich, realistic storylines that twist and turn based on the choices your people make. They are designed to drive your organization's cyber resilience and human readiness, preparing it to face the real-world consequences of a cyber incident. It tracks individual and team responses in real time, providing executives with an instant view of performance and packaging post-exercise insights into areas for improvement.

Is your organization one of the majority who now expect to be hacked? If so, begin preparing today and check out our groundbreaking product for yourself.

TOPICS
Blog
Cyber Crisis Sim
Exercising
PUBLISHED

28 July 2020

We help businesses to increase and evidence human capability in every part of cybersecurity.

Legal