How to make cybersecurity incidents hurt less

Cybersecurity incidents can be severe, and could cripple your company or land it in hot water with government and regulatory officials. It is crucial that your company be prepared for possible cybersecurity breaches.


You take time with your staff to regularly review what they should do in a fire: Where are the exits? Don’t use the elevator. Where is the muster point? Is the fire department called automatically, or will someone have to call once they are safely out of the building? Who is responsible for doing a count and making sure everyone is accounted for? You should be doing the same for your cybersecurity. That is where tabletop exercises come in.

The value of tabletop exercises

Tabletop exercises are an essential part of any overarching security strategy. Security needs to be looked at holistically, not as individual disparate areas or functions but as a series of functions that come together under one umbrella. Tabletop exercises are a useful way to gauge how effective a company’s current security strategy is and to help it determine how to achieve its short-term, medium-term, and long-term security goals.

Tabletop exercises involve addressing a hypothetical cybersecurity breach and working as a team to find a solution to patch the breach and minimize or even prevent damage. You cannot predict every tool you may need tomorrow in the world of cybersecurity, but you can see where gaps are apparent and how to fill those gaps based on priority: high-priority gaps must be filled in the short term, while lower-priority gaps can be dealt with over the mid to long term.

Running tabletop exercises

When running tabletop exercises, it is important to make sure all of your key stakeholders are involved. This way you can account for each role in the exercise. If your company does not yet have a security strategy, or that strategy is not as comprehensive as it needs to be, you should be running exercises that are designed to expose gaps that hackers and other criminals could exploit. Once any gaps have been identified, you will be able to create or improve the security protocols needed to address possible hacks, breaches, or other cybersecurity crises that may arise.

During your tabletop exercises, your team should run through a variety of possible scenarios that might arise, and analyze how and where they would occur. The four steps of dealing with a cybersecurity attack are:

  1. See the attack
  2. Correlate the attack
  3. Stop the attack
  4. Remediate the attack

When planning your tabletop exercises, focus on three to five cases that your team has identified as being the most likely types of attack, or the ones that would cause the most damage.

It is crucial that your team conducts tabletop exercises that include both broad and specific attacks. Broad tests could consist of simulating a brute force attack on your email server or trying to breach your company’s firewall (a test that could expose a large number of vulnerabilities). Specific tests could include scenarios such as what to do if an employee picks up a USB stick in the parking lot and connects it to a machine in your network, thereby granting an unauthorized party inside access to your network. Another type of specific test could involve determining a strategy for a scenario in which an employee downloads a bad payload (such as a computer virus) when they open a suspicious link in an email.

Penetration tests

If you want to take your cybersecurity tests even further, you may want to consider running a penetration (or ‘pen’) test. A penetration test essentially entails hiring an ethical (or “white hat”) hacker to try and break into your system. If they find any weak spots that they can exploit to gain entry they will then disclose these weak points to your company so you can create solutions and improve your security.

There are different levels of pen tests. A well-conducted pen test, like the ones we run at VirtualArmour, will test many areas of your security system. External pen tests involve having someone try to break into your system from the outside, using a hole or vulnerability to gain access. Internal pen tests are similar, but the attack is launched from inside the network (such as the employee with the USB stick or the employee who opened the suspicious email attachment).

Running tabletop exercises and penetration tests is an integral part of preparing for, and minimizing the damage of, cybersecurity breaches. By working through possible scenarios thoroughly when nothing is at risk, you and your team will be much better prepared should there ever be an actual breach.

Basic cybersecurity relies on a secure network, and vulnerability management is key to keeping your network secure. The vulnerability landscape is changing by the second and it’s imperative that your company is made aware of any security gaps as quickly as possible so they can be patched and mitigated swiftly. The tools hackers use to do things like perform brute force attacks, look for holes in security and crack WiFi networks are continually evolving. Conducting tabletop exercises and pen tests is one way you can help your company remain secure.

This article is published as part of the IDG Contributor Network.
