On 11 April 7Safe brought together information security colleagues, peers and friends from a wide variety of roles and organisations to take part in a realistic security incident simulation. Teams of guests were provided with the opportunity to approach the challenges of an increasingly complex attack by a militant hacker group, and a panel of information security experts from 7Safe and PA facilitated to provide useful insights.
Here are some of the headline points from the simulation:
Preparations for incident response must be done well in advance, as opposed to on the fly during an incident. Response procedures need to bring in all elements of the business from PR to legal. They should be resilient to cope with any IT outages and be simple enough to follow in potential chaotic and stressful situations. Getting these arrangements in place in advance could ultimately lead to the different between a successful response and detrimental business impacts.
Basic security controls are still the most fundamental. Checking that simple security controls are in place now will significantly reduce the chance of a security incident occurring. During the evening’s simulation, attackers were exploiting relatively basic security control failures which could be picked up in a typical business orientated security review.
Simulation and role play are excellent ways to convey the importance of good security controls and well-prepared incident response arrangements. By bringing the topic to life, areas of weakness are highlighted, and help to tease out some of the difficult decisions that businesses have to make during a security incident.
7Safe’s Alan Phillips commented, “Although this was but a game, quite a few of the attendees here this evening said that the exercise threw up challenges they know that they need to be more prepared for. I thought that the participants did really well in the cyber-attack simulation by dealing with the things that we cooked up for them. It was designed to be a realistic simulation with some humour thrown in, but there was certainly a serious side to it.”
PA's London office
To find out more about how 7Safe, a PA Group Company can help you improve your organisation’s cyber security, or to run the cyber security game for your teams,contact us.