We recreate the discovery process by showing participants in the cyber attack simulation what it looks like when the attack first manifests itself.  Different groups of participants (office based workers, remote workers and It support specialists all see the incident from a different angle

This part of the cyber-attack simulation re-creates the initial incident notification to the cyber incident response team. Participants are asked to operate the internal notification process to all members of the cyber incident response team

Depending on the particular scenario forming the cyber attack simulation, the process of notifying regulatory and possibly law enforcement agencies is rehearsed. here we are looking at participants knowledge of who to contact and what information to provide

This is primarily an activity within the cyber attack simulation that focusses on actions to be taken by IT specialists. This stage tests the capability of the IT department to identify damage caused by the attack, the speed that the attack is progressing and the interface between It specialists and the cyber incident response team

The cyber attack simulation then moves on to test the invocation process, the point at which the whole cyber incident response plan is put into effect.  We now start to look at how the organisation mobilises internally and how it communicates externally.  At this stage in the the cyber attack simulation we may simulate social media activity, mainstream media interaction and internal messaging by using our communications simulator, Facilt8r

In some scenarios the cyber attack simulation might involve a complete shutdown of IT.  The simulation provides an environment for the organisation to rehearse this process

Any business continuity or incident response test when a structured walkthrough or full blown cyber attack simulation, needs to have a few challenges thrown in to create realism. Our cyber attack simulation service includes several "curve-balls" that can occur during a real cyber attack   

If your organisation has been affected by a cyber attack which has exfiltrated or corrupted large amounts of data, there will be malicious code lurking somewhere in your IT infrastructure. The process of restoring everything to a "trusted configuration" - can also be included in the simulation.  However, given the time that this can take, this part of cyber incident response is often conducted separately. We normally recommend that configuration and data restoration is conducted as a completely separate activity to inform the subsequent cyber-attack simulation by establishing the organisations intrinsic recovery "window".

The aftermath of a major cyber cyber attack can go on for months. If Personally Identifiable Information (PII) has been exposed, you can expect a significant uptick in Data Subject Access Requests. Organisations have found that they need additional resources to support this (and the money to pay for it) for several months after the immediate effects of the attack have been remediated.