
When the Cybersecurity and Infrastructure Security Agency (CISA) conducted a cybersecurity assessment across multiple organizations, they found that eight out of ten fell victim to simulated phishing attempts. Ten percent of organizations even clicked on malicious attachments or links.
The reality is that organizations are constantly at risk of cyberattack. Criminals are continuously finding new ways to trick employees or otherwise bypass security systems and gain access to a company’s vulnerable data. To combat this, employers use different methods to address cybersecurity skills gaps. One such method is incident response training, which allows the defenders on your team to practice incident response. This helps workers know how to respond to cyberattacks.
There are many different types of training available, from online courses to hands-on workshops with cybersecurity experts, each with its own pros and cons. Read on to understand why incident response training is so essential and see takeaways from a recent episode of Inside the CISO’s Office that demonstrates the value of tabletop exercises in testing a company’s cybersecurity preparedness.
Ensuring continuity in times of crisis
Knowing how to react to a cyberattack is half the battle. From using an e-mail client’s phishing notification button to relying on IT services from companies like CBTS to secure your data and infrastructure, understanding the proper response to a situation is vital.
That means companies must be agile. Hackers constantly use new tactics, which necessitate responses to previously unseen situations. As a result, companies need more than preventative measures. They need employees to be able to react dynamically, working together to:
- Detect an attack.
- Contain it.
- Eradicate the threat.
- Recover and resume business.
Failing to respond to an incident adequately can be disastrous. Sensitive data could be stolen, the business could be out of operation for an extended period, its reputation could be damaged, and organizations may even pay exorbitant fines to cover customer losses.
What is incident response training?
This is where incident response training comes in. Its purpose is to educate a company’s workforce on handling and responding to cyberattacks by running through real-world scenarios. Outdated cybersecurity training methods ensure employees can use the security tools and processes provided—which organizations often spend vast resources to implement—but might overlook an essential component: properly training workers.
Incident response training types cover an overwhelming number of topics, such as:
- Ransomware attacks.
- Internet-accessible systems.
- Web and e-mail server attacks.
- DNS infrastructure tampering.
- Indicators of compromise (IOC).
- Log management.
The wide variety of guidance available is due to the complexity of cyberattacks, which requires employees to have a thorough understanding of many different aspects of cybersecurity. The best way to gain this knowledge is through real-world applications.
The power of gaming
One way to simulate real-world cyberattack situations during incident response training is tabletop gaming. It is a cost-effective approach that also identifies areas where further training is needed, using employees as players to simulate an incident in a fun and informative way.
One such game is Backdoors & Breaches from Black Hills Information Security. A recent Inside the CISO’s Office episode saw Justin Hall, Senior Manager of Research at Tenable, and CBTS security consultants John Bruggeman and Ryan Hamrick play Backdoors & Breaches—demonstrating how the tabletop game tests a company’s cybersecurity preparedness.
The game uses cards to build randomized incidents. For instance, as featured in the Inside the CISO’s Office episode, a disgruntled employee disabled a company’s servers. It was up to John and Ryan to use cards describing the responses employees can utilize, from a server analysis to a SIEM log analysis. A vital aspect of the game is that the players must use logic, determining which tools and practices are the correct response to the situation. The players used endpoint analysis to determine how the disgruntled employee could escalate privileges he did not originally have on the company’s servers.
Further cards, such as user and entity behavior analytics (UEBA), ultimately gave the players the complete picture of the incident and the knowledge they needed to figure out the hacker’s behavior and finish the game.
Endless teaching moments
The result of playing Backdoors & Breaches was a practical demonstration of a real-world situation in which employees must work together to determine the correct reaction to a cyberattack. It demonstrates how tabletop exercises provide valuable insight into a team’s skills (or lack thereof) while reinforcing the need for agile thinking when dealing with disruptive attacks.
Tabletop games can be a cost-effective way to do incident response training in the workplace and can even be played online for free at Backdoors & Breaches. From there, companies can act on newly identified vulnerabilities to further the maturity of their security program and mitigate risk. One way to achieve this is to rely on security experts such as CBTS for security consulting, managed security services, and support that strengthens a company’s security stack.