Exercises can help organizations train for wide range of cyber threats

Customized education can boost security awareness at every level of operation


It’s no secret that cybersecurity has become a more pressing issue over the past decade. According to a PWC Global State of the Information Security Survey in 2015, the number of cybersecurity incidents has increased at an annual rate of 66 percent. Both the range and complexity of cyber threats are expanding—from ransomware to compromises of critical infrastructure.

Yet, when those threats materialize, too few businesses and government entities have developed the protocols needed to escalate resources, coordinate support, and respond to an attack. While the need for these strategies has spanned more than a decade, it is even more imperative now as we confront a growing array of threats.

Ten years ago, Norwich University Applied Research Institutes (NUARI) launched the DECIDE Platform, with support from the Department of Homeland Security, to challenge leadership to engage across their organizations and respond to crippling cyber attacks. It is critical that the entire firm be prepared to respond in the event of a cyber breach.


While DECIDE was initially developed to engage the financial markets and support critical infrastructure, the platform has migrated to engage leadership across continents, supporting their teams’ and individuals’ cyber preparedness. To do this, DECIDE offers a wide array of cutting-edge threat scenarios, ensuring entities can test their decision-making capabilities and enhance strategic communications. Organizations can develop comprehensive response plans that address previous vulnerabilities head-on.

Simulation pays off

When a cyber threat hits, there is no time to lose. Firms must take proactive opportunities to identify the gaps and needs that otherwise lead to business disaster. DECIDE offers firms the chance to simulate a particular scenario time and again to ensure they make the right decisions in the heat of the moment.

However, that is not enough. DECIDE also offers evaluation tools and after-action reports for each exercise, both of which contain insights that become the core elements of a firm’s optimal response playbook. And the playbook grows over time, containing plans to deal with supply chain hardenings or ransom demands. In turn, organizations can use those plans to deal with the triad of cybersecurity threats to confidentiality, integrity and availability.

Such a roadmap also ensures individuals across an organization understand their role in the face of an attack. From the operations and information security analysts to those in the business office, every employee must be aware of how to better counter cyber threats.

No weak links

That threat also can escalate and extend beyond the contours of a particular organization. It is why each of those individuals must be at the ready to coordinate with partners and entities across sectors, seamlessly coordinating a response to mitigate the impact of an attack.

DECIDE provides large-scale exercises in which they can perfect that response. Consider the Quantum Dawn series, which, over three iterations, has helped the financial sector develop effective response strategies and market mechanisms. Then, there is the Critical Infrastructure Protection Exercise series, where organizations from across sectors can ensure they know how to act in the face of an escalating threat.

Beyond DECIDE, NUARI builds customized education products for military, academia and private sector firms. These cybersecurity and critical infrastructure focused courses get to the core mission, ensuring organizations can build resilience across their teams and support individual preparedness against the next cyber threat.

Even though both the range and complexity of cyber threats continue to expand, stakeholders across sectors can now build the toolkit and develop the protocols to effectively respond in turn.
