Types of Incident Simulation
There are many "impact targets" that can be used as a basis for Incident simulation, we have listed some of the more common areas of impact below
Data Loss
Loss of data through malware infection forces the organisation to address the issues raised by wide scale denial of access to data often caused by ransomware. In this type of incident simulation the organisation is confronted with the widespread loss of data contained on shared drives and databases in a test environment where these information resources have been deliberately corrupted. Both IT and business areas are then required to work through their cyber incident response and recovery plans. A typical data-loss / ransomware simulation would focus on recreating the effects of widespread encryption or exfiltration of sensitive data and multiple device infection
Simulation participants expected are to deal with issues such as:
-
Situational intelligence gathering in order to understand the extent of the damage
-
Continual assessment of operational impact and impairment assessment
-
Formulation of technical recovery approaches
-
Deal with and respond incoming updates from within the organisation
-
Communicate with staff, cyber incident response teams, external parties and regulators
Loss of Staff Availability
This type of incident simulation creates an impact of staff unavailability caused by contagious disease outbreak or widespread transport difficulties. The test establishes an impact threshold (say 35% of staff) and then identifies specific members of staff across the organisation who are designated as unavailable. Impacted areas are then required to use their business continuity plans to maintain continuity of critical processes
Pandemic Simulation
It was not too long ago when most commercial organisations considered the concept of a pandemic plan something that was primarily a central government issue focussed on public health - but not an eventuality they need to plan for. Then Covid-19 struck showing just how wrong you can be! A pandemic incident simulation can help you better prepare for the future. Using real-world impacts, incident simulation participants get to experience both the scale nd impact of a pandemic.
Covid-19 showed that a pandemic is possible and it is likely that for the foreseeable future - flare-ups at a national or regional level are bound to occur. Simulating a pandemic seeks to re-create the large scale disruption that can be caused by lockdown, widespread sickness and workforce dislocation. A pandemic simulation should focus on impacts such as widespread staff absence, supply chain disruption and flexibility of the business operating model
Simulation participants would expected to deal with expected to deal with
-
Intelligence gathering related to staff availability and mobility
-
Operational mpact and impairment assessment
-
Communication with staff, recovery and response teams, external parties and regulators
-
Testing widespread remote working
-
Adopting different operating models within the supply chain and fulfilment
Supply Chain Disruption
Incident simulations based on supply chain failure focus on the loss of critical suppliers, forcing participants to consider how the organisation would recover from the loss of several critical suppliers due to a natural disaster in a specific geographic location, for instance
Phishing Attack
To gauge whether or not end users are sufficiently proficient in recognising phishing threats and take appropriate reporting actions, a simulated phishing attack can be performed. This can be achieved by sending all users a fake email that demonstrates one or more attributes of a phishing email and capturing the user action to determine which users were susceptible to the "phishing" email and which users adopted the correct reporting procedure.
Physical Workplace Compromise
Many things can impact accessibility and availability of a physical workplace. From physical damage by fire or flood or denial of access because of a legionella outbreak, the normal place of work can be compromised. Workplace crisis simulations focus recreate the widespread impacts that workplace unavailability can create including:
-
Loss or unavailability of workplace
-
Relocation logistics
-
Remote working coordination
-
Accounting for staff, contractors and visitors
Incident simulation participants would expected to deal with:
-
Intelligence gathering
-
Operational Impact and impairment assessment
-
Communication with staff, recovery teams, external parties and "blue light" services
-
Option to test widespread remote working
These are the main scenarios on which to base an incident simulation - follow this link to read more about other aspects of incident simulations for testing your business continuity plan - alternatively you might want to learn more about the building blocks for performing an incident simulation
Follow or connect with Steve, RiskCentric's owner & founder via LinkedIn