We recently surveyed over 400 CISOs to discover how they plan and execute their incident response strategies. This second dive into the data digs into the human element.
It’s easy to assume that a successful response to a cyber crisis is founded in a strong technology strategy. This, however, masks a more nuanced truth.
When the enemy is inside the perimeter and the senior team wants decisive action, it’s human decision-making that makes a difference. Couple this with the fact that cyber crises are now organizational convulsions rather than events that can be swept under the carpet, and it becomes apparent that effective breach response requires a cross-section of stakeholders.
Exercise with a breadth and depth of people
Unsurprisingly, our senior security leaders said that cybersecurity, IT, and business continuity teams are most involved in cyber crisis scenarios. No prizes for guessing that one.
Bear with us though, because the data also draws an interesting picture of under-representation from those outside of the technical teams. For example, just 13% of the CISOs we questioned bring customer teams into exercises and only 20% invite communications executives. Considering these participants are responsible for the company’s external face – it’s their job to protect brand, reputation, customer touchpoints and revenue, after all – this omission could be a significant oversight.
The numbers also highlight that almost half of all exercises (41%) run without a member of the C-Suite being present. The buy-in of top executives is crucial to engaged exercising, not to mention effective tactical response when a crisis hits, so their absence could be yet another potential shortcoming. A real crisis typically consumes senior management – it makes sense that this should be reflected in crisis exercises.
Geographic fragmentation is another potential barrier to exercising with the necessary human breadth to build an effective crisis response. Over a fifth of all senior security leaders (21%) said legacy training techniques and processes made it impossible to exercise globally dispersed teams. This raises the question of how organizations will adapt to a world in which the majority of incident responders work from home.
Frequency of touchpoints with a broad range of teams
Forming a cross-disciplinary cyber crisis working group is important when ensuring the ongoing engagement of a range of teams because it keeps the topic of cyber incident response front of mind.
Interestingly, the research showed that just over half of those questioned had taken this step (53%).
83% of respondents say cyber crisis working groups, where they exist, meet less than once a month, with most sitting either quarterly or every six months. This tempo is simply not enough to keep pace with an attack landscape that can change almost daily.
Like exercising, such initiatives are an important mechanism for assessing crisis readiness and, more importantly, keeping participants updated with information on emerging threats, legislation and other changes. The data suggests that most organizations favor an intermittent approach to bringing people together rather than developing a close team with a regular cadence.
Frequency and depth of exercising without resource burn
At Immersive Labs, we believe the most effective crisis response team is one that brings together a cross-section of expertise to exercise preparedness on a regular basis. This is why we developed Cyber Crisis Simulator, a platform that allows teams to exercise remotely using a set of crisis scenarios regardless of technical understanding.
Designed to appeal to a cross-section of skill sets, these short browser-based drills bring together everyone from communications to cybersecurity teams to exercise with the kind of regularity designed to develop cyber crisis muscle memory. Each scenario uses metrics that apply to a variety of roles, such as impact on share price or reputation, and taking part in an exercise is as simple as accepting a meeting invite. To see the Cyber Crisis Simulator in action, book a demo below.
Published
14 August 2020
Cyber Crisis Response: Fit for today’s threat landscape?
