Why cyber drills are the new fire drills

In our increasingly connected world, cyber incidents can have devastating financial and human impacts. 

Cyber security should be considered with the same seriousness as health and safety and treated as a priority by every organisation. However, while most organisations plan and test for physical emergencies – such as mandatory fire drills – the same is not always true for cyber emergencies. 

What are cyber drills and why are they so important?

Cyber drills are a way of testing to ensure that plans put in place to protect systems and data are rigorous, reliable, comprehensive and adaptable in the midst of a crisis.

Arunava Banerjee is a Senior Cyber Risk Consultant for Zurich Resilience Solutions, Zurich Insurance, and advises organisations on the importance of cyber drills. 

He says: “One of the main pillars of cyber resilience is developing your response capability. Carrying out exercises to test your cyber response is a critical part of this. It’s one thing having a written plan but unless and until you test that plan, how do you know it will actually work when a disaster happens? It also helps to improve the plans and fill up any gaps in the plan.”

Cyber drill exercises should focus on the systems and processes that an organisation most depends on or which deliver the greatest value. For a business that sells its products via its website, a cyber drill could involve exercises to identify and mitigate DDoS (Distributed Denial of Service) attacks, which flood a website with traffic to make it crash. For a public sector organisation, there might be greater emphasis on exercises that aim to prevent or mitigate data breaches or ransomware attacks.

Whatever exercises are carried out, it is important they test not only the effectiveness of firewalls, antivirus software and other layers of cyber security, but also how the organisation’s people will respond in a crisis scenario. Cyber drills can be particularly useful in testing whether there is clarity about roles and responsibilities.

Arunava says: “In a ransomware scenario, for example, cybercriminals will typically ask for a ransom to be paid in a narrow timeframe before they will release the data they have encrypted. If an organisation’s Chief Information Security Officer believes the data can’t be recovered in that time, do they have authorisation to pay the ransom, or will someone else need to take that decision? 

“If the criminal is demanding payment in Bitcoin, who in the organisation knows where to get Bitcoin? If the media gets hold of the story, who is authorised to provide a response and how much information should they give?

“It’s important to establish roles and responsibilities in advance and test the effectiveness of plans using cyber drills.” For the same reason, it is very important to involve senior managers in these cyber drills.

Cyber response capability also hinges on how well organisations understand and manage cyber risk throughout their supply chain. Cyber drills can be helpful in testing organisations’ dependence on third-party providers.

Changing working patterns are increasing cyber risk exposure

The COVID-19 pandemic has led to sudden and unexpected shifts in working patterns, with more and more people working remotely. This, says Arunava, has increased the cyber threat horizon exponentially.

We’ve been taken out of our offices – our secure cyber fortresses with firewalls protecting us. Identity is the new perimeter of our security, and so security must be core to our identity. 

In this new era of remote working, the use of multi-factor authentication to confirm a user’s identity every time they connect to a network has become critical.

A framework for better cyber resilience

There is no one-size-fits-all approach for building cyber resilience but there are a number of frameworks that can help.

The NIST Cybersecurity Framework outlines five core functions, or stages, of cybersecurity: Identify, Protect, Detect, Respond, and Recover.

Using a framework such as this can help organisations to plan for each stage and clearly define roles and responsibilities.

Arun concludes: “Cyber criminals are smart and will capitalise on any vulnerabilities. Even the largest and most sophisticated organisations get attacked, so every organisation, no matter how large or small, should be thinking about how they can improve their cyber incident response capability.”

How Can Zurich Help?

Zurich Resilience Solutions, or ZRS, provides specialist risk management services for customers. ZRS is, basically, risk management beyond risk transfer.

The aim of ZRS is to support our customers to enhance resilience in a rapidly changing world by offering risk identification and mitigation services. This is to proactively manage complex risks and, in some circumstances, uninsurable risks. One of our main areas is cyber.
