Cyber Attack Simulations
What happens during cyber attack simulations?
The table below outlines the key elements of our cyber attack simulation service. Our overall aim is to recreate the situations that can occur during a cyber attack and provide participants with a "hands-on" experiential learning setting where they will encounter the challenges typically encountered by organisations that have suffered a real-life cyber attack. We can, of course, tailor our cyber attack simulations to specific cyber attack scenarios and your own specific requirements for assurance
Key Elements of Cyber Attack Simulations
We recreate the discovery process by showing participants in the cyber attack simulation what it looks like when the attack first manifests itself. Different groups of participants (office based workers, remote workers and It support specialists all see the incident from a different angle
Mobilising the cyber incident response team
This part of the cyber-attack simulation re-creates the initial incident notification to the cyber incident response team. Participants are asked to operate the internal notification process to all members of the cyber incident response team
Notify regulators & other parties
Depending on the particular scenario forming the cyber attack simulation, the process of notifying regulatory and possibly law enforcement agencies is rehearsed. here we are looking at participants knowledge of who to contact and what information to provide
Preservation & assessment of Impact
This is primarily an activity within the cyber attack simulation that focusses on actions to be taken by IT specialists. This stage tests the capability of the IT department to identify damage caused by the attack, the speed that the attack is progressing and the interface between It specialists and the cyber incident response team
The cyber attack simulation then moves on to test the invocation process, the point at which the whole cyber incident response plan is put into effect. We now start to look at how the organisation mobilises internally and how it communicates externally. At this stage in the the cyber attack simulation we may simulate social media activity, mainstream media interaction and internal messaging by using our communications simulator, Facilt8r
Shutting down IT
In some scenarios the cyber attack simulation might involve a complete shutdown of IT. The simulation provides an environment for the organisation to rehearse this process
Any business continuity or incident response test when a structured walkthrough or full blown cyber attack simulation, needs to have a few challenges thrown in to create realism. Our cyber attack simulation service includes several "curve-balls" that can occur during a real cyber attack
Infrastructure cleansing & restoration
If your organisation has been affected by a cyber attack which has exfiltrated or corrupted large amounts of data, there will be malicious code lurking somewhere in your IT infrastructure. The process of restoring everything to a "trusted configuration" - can also be included in the simulation. However, given the time that this can take, this part of cyber incident response is often conducted separately. We normally recommend that configuration and data restoration is conducted as a completely separate activity to inform the subsequent cyber-attack simulation by establishing the organisations intrinsic recovery "window".
The aftermath of a major cyber cyber attack can go on for months. If Personally Identifiable Information (PII) has been exposed, you can expect a significant uptick in Data Subject Access Requests. Organisations have found that they need additional resources to support this (and the money to pay for it) for several months after the immediate effects of the attack have been remediated.