September 11, 2019 By Jasmine Henry

Are you really prepared to respond to a cyberattack? You don’t want to discover halfway through a data breach that your incident response (IR) playbook cracks under pressure. Just 23 percent of organizations have a consistently applied cybersecurity response plan, according to IBM Security and the Ponemon Institute’s recent “2019 Study on the Cyber Resilient Organization,” and even fewer firms know if their playbook can perform. What’s more, only 54 percent of organizations with an IR plan regularly test it.

Cyber range simulations help build preparedness by allowing organizations to stress-test an IR playbook in a real-world situation. Immersive training builds situational awareness in a way that’s very hard to replicate with tabletop exercises or classroom training. Simulation leads to on-the-ground experience and offers numerous benefits, including performance data, real-time expert feedback and cross-functional training.

10 Reasons to Visit the Cyber Range

Many security leaders don’t know how their team will perform under attack. You can’t predict whether or not your organization will be a target, but you can predict how you’ll respond if you’re prepared. After observing hundreds of teams on the front lines of an attack, Global X-Force IRIS lead Wendi Whitmore identified five characteristics of the best response teams:

  1. Tactical skills
  2. Dynamic technology
  3. Threat intelligence
  4. Comprehensive remediation
  5. Real-world training

It’s simple: Your team needs to prepare to immediately respond to an attack and protect the enterprise. Simulation drills benefit both IR staff and enterprise preparedness, so build confidence in your IR capabilities by paying a visit to the cyber range.

Here are 10 reasons to test your incident response with cyber range simulations.

1. Performance-Based Data

Running drills on the range provides real-time access to performance data, which is a tactical advantage over tabletop simulations. This data shows risks and opportunities across technical, communications and leadership competencies, and how your performance measures up to industry KPIs. Security leaders can take this data directly to business stakeholders to create a plan for urgent action, workforce succession or technological improvements.

2. Expert Feedback

A range can put your team side-by-side with industry experts who have decades of experience in real-world response and threat intelligence. You can learn from individuals who have trained thousands of enterprises on cyber resilience. This provides the opportunity to benchmark your organization against the most mature firms and perform a gap analysis on opportunities.

3. On-the-Job Experience

Simulated work experience on the range is an invaluable training tool for green security operations center (SOC) staff. Just 2 percent of cybersecurity leaders believe university graduates enter the workforce well-prepared for cybersecurity challenges, according to a recent ISACA study.

Simulations can strengthen the cybersecurity bench with internal talent development, including providing critical experience to less-practiced members of the workforce. Incident response drills can be tailored by industry to simulate an attack on complex environments.

4. Assess Potential Hires

Cyber range simulations provide an opportunity to assess individual strengths, give feedback to current employees and assess prospective hires during a job interview. Range simulations can also help identify high-potential job candidates who may lack traditional technical backgrounds based on how they communicate and collaborate under pressure.

5. Test New Ideas and Tech

Simulated cyber response scenarios enable security leaders to evaluate new technologies in a real-world situation before those solutions are brought into production. Simulation is a low-risk, low-cost way to incubate sophisticated ideas and learn from failures. Technologies and concepts that pass the range can be scaled to the enterprise security strategy when you’re confident the IR team is ready.

6. Train Non-Technical Staff

Incident response simulation doesn’t just benefit SOC employees. The most effective range exercises unite security and business specialists by bringing the entire playbook to life. This can provide valuable learning experiences for leaders from legal, human resources, communications and finance. In a cross-functional exercise, business leaders may be tasked with creating a business response based on SOC analysts’ reports and assessing risks.

7. Replicate Sophisticated Attacks

Cyber range simulations can immerse your team in an attack scenario that leverages sophisticated machine learning or artificial intelligence (AI), or one modeled on an advanced persistent threat (APT). A simulated APT allows you to validate your security ecosystem and playbook in the face of a highly targeted attack.

8. Strengthen Security Leadership

“The true test of leadership happens in the arena,” wrote former IBM Security Vice President Caleb Barlow. “Every tough situation needs leaders.”

Cyber range simulation can allow you to assess how your security and business leaders respond to an attack in an interactive environment. Executives will need to step up to address media relations, team communications, technical processes and business risks.

9. Improve Security Culture

Range simulations can reveal some important truths about your response team. Technology and process are important parts of cyber resilience, but culture is equally important. Your playbook doesn’t matter if your team can’t collaborate effectively. Sixty-five percent of SOC leaders say they plan to hire more employees with soft skills such as interpersonal communications and teamwork this year, according to Exabeam.

Culture and team cohesion can have an influence on how your team responds under pressure, and whether your response follows your playbook or goes off the rails. The cyber range can reveal any team incoherence and help determine whether you’ve hired the right mix of technical and interpersonal skills.

10. Practice Your Playbook

Understanding gaps in your incident response plan is a major benefit of cyber range simulation. You’ll emerge with knowledge of areas where you need more technology, skill or better-refined processes. You’ll discover whether your team even pulls out the playbook when the simulation goes live. A cyber range builds muscle memory when it comes to following your IR plan, so your team won’t be fumbling for answers when seconds count.

Test Your Cyber Resilience on the Cyber Range

Even a bulletproof IR plan can crumble if your team isn’t prepared to pull out the playbook under attack. Running battle drills on the range allows you to understand whether your playbook offers sufficient protection against sophisticated threats and if your team is prepared to take action. Tabletop exercises and technical training are important, but they can’t replicate the heart-pounding, real-world impact of a cyber range. Immersive experiences led by experts can help you prepare your cross-functional teams for any cyber incidents on the horizon.
