How to Facilitate an Executive-Level Cyber Crisis Management Exercise
This session at the RIMS 2018 Annual Conference was led by Sean Murphy, Chief Executive Officer of Lootok, Ltd., and Ben Densham, CTO of Nettitude.
According to research developed by Cybersecurity Ventures, cyber crises are estimated to cost $2 trillion by 2019 and $6 trillion annually by 2021. Spending on cybersecurity products and services is on the rise and is expected to top $1 trillion by 2021. Exposure is rapidly increasing as 50 million IoT devices are expected by 2020, with 6 trillion people online. Cyber is the fifth area of warfare (alongside land, sea, air, and space) and is borderless.
Traditionally, responsibility for a cyber crisis has fallen to IT, risk management, and senior executives. In reality, this is a global problem and the responsibility of everyone in the company.
The average time to identify a breach by its root cause is 214 days, and 60% of the time, detection and notification come from an external party or business partner. The average time to contain that breach is 77 days. For a breach that is not contained within 30 days, the average estimated cost increases by $1 million.
Prepare your organization’s leaders to take on the borderless global internet infrastructure through a cyber crisis game plan based on situational awareness, engagement awareness, and continuous exercising and assurance testing.
Situational awareness means understanding your current risk, knowing the likely threats (who may attack you and how), and knowing your organizational environment (devices, cloud services, social media exposure). Threats evolve and change, so staying on top of the methods, techniques, and intent of attacks is critical.
Engagement awareness is based on defining the journey, creating the exercise, and preparing to facilitate the exercise. Defining the journey includes identifying the stakeholders and their status (unaware, draftee, enlisted, loyalist, or evangelist) and understanding the value proposition, incentives (positive and negative), barriers, and leverage points. The exercise runs through a carefully crafted series of steps: introductory communication, comprehensive exercise explanation, memorable exercise execution, thank-you communication, delivery of findings and lessons learned, and documentation of the experience.
Effective assurance testing includes threat-based planning, simulated testing, and detection and response assessment. This can be executed through desktop exercises, paper-based simulations, technical simulation of threat actors (testing defenses and alerts), teams simulating threat actors (defense team vs. response team), and an ongoing assurance testing program that is threat-led with clear objectives and analysis.