Practice makes perfect: prepare for a cyber crisis

Blog by: Kevin Coellen

Recently, Northwave conducted a large international crisis exercise. Over 60 participants from 11 countries on 3 continents participated in a Ransomware scenario in which the production of the organisation was brought to a complete standstill.

The exercise

Imagine this situation: complaining customers, dealing with irritated employees, handling inquisitive journalists and a plethora of other stakeholders, while trying to understand what is happening to your company and IT network. This is the reality of the complex and complicated situation that a company will face in the event of a cyberattack. The exercise based on a real-life scenario was created to accurately simulate this situation and the accompanying feelings, aiming to push the 60 participants from over 11 countries out of their comfort zone. They were challenged to deal with information and questions coming from all sides: phone calls, E-Mails and a whole fictitious Social Media environment were used to deliver the over 200 injects to the respective receivers. Each aspect had a crucial role to immerse the participants into the scenario that was created for them by Northwave.

The goal of the exercise was to improve teamwork, communication and collaboration between the teams to overcome the challenges the crisis was posing. Starting with the initial dilemma: Is this already a crisis or still an incident? But this was not all, they had to make up their mind about issues such as: do we cut the network connection? What kind of implication would that have? What do we communicate, and when, and to whom? All these and more questions needed to be discussed during the exercise and decided upon.

Naturally, a Crisis Exercise would not be complete without the final and highly crucial part: a real-life negotiation with the “hacker”. For the exercise, Northwave’s own negotiation tool was used to show the participants what to expect from a situation like this.

The participants did a good job using pre-existing and pre-defined structures and processes to guide them through the turmoiled time. Distinguishing assumptions from facts and using the latter to guide their decisions on how to proceed.

Practice is crucial

It is hard to overestimate the importance of exercising your incident- and crisis response. We could list dozens of quotes from “A failure to prepare, is preparing to fail” to “Everyone has a plan until they get punched in the face” that underline that a big part of preparation is testing your own processes, plans and assumptions.

Not exercising means that the first time you will use your crisis plans and procedures will be in an actual crisis. If that sounds a little daunting, that is understandable. Testing those plans will show weak spots, wrong assumptions and potential bottle necks before an actual incident occurs and gives the opportunity to amend the plans accordingly.

The exercise gives valuable insights in one’s crisis organisation that can only be acquired when using it in real life. Combined with the observations of the observers, there is a whole fundament of ideas to incorporate for future plans.

More information

If you, too, want to test your Cyber Resilience, your cyber incident response plan or your cyber crisis management, Northwave offers customised state-of-the-art exercises from small table-top to full blown live exercises. Combining several inject delivery channels with tools like social-media trainers and negotiation simulations ensures an immersive and valuable experience for you and your team. Being able to draw from the experiences from our in-house CERT (Computer Emergency Response Team) and Red-Team, we ensure that our exercises include the newest trends and threats.

Choosing to practice will not only get you better prepared for a cyber incident, it also gives you peace of mind knowing you have your preparations in order. Additionally, you can detect points of improvement, while having Northwave by your side to actively work together on all aspects on your security, such as the tools, people and policies & processes to ensure you will have a safe digital journey.

To get to know more about how to test and improve your Cyber Resilience, get in contact with us to see what we can do for you.