12/28/2020
10:00 AM
Steve Durbin
Commentary

10 Benefits of Running Cybersecurity Exercises

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.

Keeping information secure is a difficult task, even if you have bountiful resources. With companies like Nintendo, Twitter, Marriott, and Zoom all suffering high-profile data breaches recently, it's clear that no one is safe from cybercriminals. While most organizations understand the need to build defenses and develop policies to reduce the risk and potential impact of a successful cyber attack, many fail to rigorously test those defenses.

Cybersecurity exercises are useful simulations of specific cyber attack scenarios that enable organizations to gain valuable insights into their real-world response. From basic, small-scale, brief tests to complex, wide-scale, sustained attacks, cybersecurity exercises can provide verification that your defensive strategy is effective or highlight weaknesses that require immediate attention.

Despite their importance, 74% of respondents to the ISF Benchmark stated that they do not subject critical systems under development to cyber attack simulations or exercises. This may be because cybersecurity exercises are perceived as time-consuming, expensive to run, and potentially disruptive. If planned properly, there's no reason that should be the case. Cybersecurity exercises can deliver some truly compelling benefits. Consider these 10 examples of how. 

Identify Your Strengths
There's a lot of focus on uncovering weaknesses and problems during cybersecurity exercises, but there's also major value in identifying what's working well for your organization. Robust strategies can be emulated elsewhere, smart policies can serve as templates, and effective employees can help to train others.

Improve Your Response
Perhaps the most obvious benefit of running a cybersecurity exercise is that it gives you an opportunity to improve your response to future attacks. An exercise may back up the theory behind your defensive strategy with evidence, or it might point to the need for a fresh approach. Either way, it will drive you to improve.

Train People
There's no substitute for hands-on experience. Cybersecurity exercises provide employees with practical experience of dealing with an attack, they boost awareness of the possibilities, and they can teach people all about the right way to respond. Learning is always more effective with a practical component.

Define Costs and Timescales
In preparing for attacks, many assumptions and estimates are made about what resources are required to handle different scenarios and how long it will take to resume normal operations after an attack. Cybersecurity exercises paint a clearer picture of the costs and timescales involved, giving you hard data to help you build greater resilience, or use for any financial justification that might be required.

Determine External Needs
It's unrealistic, even for many major organizations, to maintain a team capable of handling any attack scenario without external assistance. Which attack scenarios require external help? How quickly can external expertise be secured? How much will it cost? Running security exercises can help to answer these questions. 

Collect Metrics
Setting expectations for how swiftly different aspects of an attack should be handled and how effective defensive actions should be is vital in defining your strategy. But you can only prove that they are being met when an attack occurs, or by employing a security exercise. This data should inform future strategy and guide your approach.

Identify Your Weaknesses
Whether there are technical vulnerabilities lurking on your network or weaknesses in security controls, cybersecurity exercises can expose them. They may also reveal the need for better training or new talent. Identifying specific weaknesses enables you to craft remediation plans and act immediately to improve.

Update Your Policies
If your current policies, standards, and guidelines aren't effective, then it's time to revisit them. Effective incident response policies will drastically reduce the potential damage and disruption a cyber attack can wreak. Regular policy revision is important, and security exercises can provide useful evidence to guide that revision.

Find Non-Compliance Risks
The potential cost of breaching legal, regulatory, or contractual requirements is enormous, even if that breach is unwitting. Exposing compliance issues can prove difficult, but that does not mean they don't exist. Cybersecurity exercises can help to uncover areas of non-compliance, giving you an opportunity to fix them and avoid unnecessary legal – and financial – exposure.

Increase Threat Awareness
From entry-level employees to the board of directors, lack of awareness about the nature of cyber-attacks and the scale of the threats they pose can be catastrophic. Failure to recognize the risk and react accordingly always exacerbates the problem, making a bad situation much worse.

Practice makes perfect. It's common sense to accept that rehearsals serve an important function in readying people for the actual event. Cyber attacks are inevitable, but it's how you respond that will dictate the impact on your business. Not only do cybersecurity exercises help to build awareness and understanding across your organization, they test your defenses, identify strengths to build on and weaknesses to mitigate, and offer invaluable practical experience.

 

Steve Durbin is CEO of the Information Security Forum, an independent, not-for-profit dedicated to investigating, clarifying and resolving key issues in information security and risk management. He is a frequent speaker on the Board's role in cybersecurity and ...