By detecting and responding to simulated cybersecurity incidents, companies are only going to learn what works best and what opportunities exist to improve their security practices, before the actual crisis takes place, says Vikas Bhonsle, CEO, Crayon Software Experts India.
The best way to be assured about any security process or solution is to test it in a simulated situation, i.e. to do a safety drill. A mock crisis can help to evaluate whether the organization is well prepared to face a real one. In cybersecurity practices too, such tests can audit the company's incident detection and response plan. Nobody, after all, wants to face a real-life cybersecurity incident. To address this, companies can run a mock drill where a team of experts acts as ‘bad players’ and tries to breach the organization’s network. During the drill, the appointed team or person will try to break into the organization’s cybersecurity infrastructure. This activity will reveal the weak spots and loopholes and show where the IT team needs to work and where policies need adjustment. This can be done with the help of the in-house IT staff within the prescribed boundaries. However, at times an outside specialist can be better at doing this job.
The tabletop exercise is also an easy method to employ, where participants are given the basic knowledge of how they must act in a hypothetical situation. Employees must also be made aware of the different threat vectors they may come across, like phishing and spear-phishing attempts. At times, people unknowingly click on innocuous-looking emails, letting malicious software get onto their machines. In a drill, a mock phishing email can be sent with an attachment or a link that goes to a mock login page, which will show how many people not only click on dubious links but also enter their credentials. These drills have to be conducted without prior warning so that the recipients won’t be on guard. Other than that, running a mock denial-of-service (DoS) attack will show how quickly the IT team notices that something unusual is happening.
By detecting and responding to simulated cybersecurity incidents, companies are only going to learn what works best and what opportunities exist to improve their security practices, before the actual crisis takes place.