September 11, 2019 By Jasmine Henry 4 min read

Are you really prepared to respond to a cyberattack? You don’t want to discover halfway through a data breach that your incident response (IR) playbook cracks under pressure. Just 23 percent of organizations have a consistently applied cybersecurity response plan, according to IBM Security and the Ponemon Institute’s recent “2019 Study on the Cyber Resilient Organization,” and even fewer firms know if their playbook can perform. What’s more, only 54 percent of organizations with an IR plan regularly test it.

Cyber range simulations help build preparedness by allowing organizations to stress-test an IR playbook in a real-world situation. Immersive training builds situational awareness in a way that’s very hard to replicate with tabletop exercises or classroom training. Simulation leads to on-the-ground experience and offers numerous benefits, including performance data, real-time expert feedback and cross-functional training.

10 Reasons to Visit the Cyber Range

Many security leaders don’t know how their team will perform under attack. You can’t predict whether or not your organization will be a target, but you can predict how you’ll respond if you’re prepared. After observing hundreds of teams on the front lines of an attack, Global X-Force IRIS lead Wendi Whitmore identified five characteristics of the best response teams:

  1. Tactical skills
  2. Dynamic technology
  3. Threat intelligence
  4. Comprehensive remediation
  5. Real-world training

It’s simple: Your team needs to prepare to immediately respond to an attack and protect the enterprise. Simulation drills benefit both IR staff and enterprise preparedness, so build confidence in your IR capabilities by paying a visit to the cyber range.

Here are 10 reasons to test your incident response with cyber range simulations.

1. Performance-Based Data

Running drills on the range provides real-time access to performance data, which is a tactical advantage over tabletop simulations. This data shows risks and opportunities across technical, communications and leadership competencies, and how your performance measures up to industry KPIs. Security leaders can take this data directly to business stakeholders to create a plan for urgent action, workforce succession or technological improvements.

2. Expert Feedback

A range can put your team side-by-side with industry experts who have decades of experience in real-world response and threat intelligence. You can learn from individuals who have trained thousands of enterprises on cyber resilience. This provides the opportunity to benchmark your organization against the most mature firms and perform a gap analysis on opportunities.

3. On-the-Job Experience

Simulated work experience on the range is an invaluable training tool for a green security operations center (SOC) staff. Just 2 percent of cybersecurity leaders believe university graduates enter the workforce well-prepared for cybersecurity challenges, according to a recent ISACA study.

Simulations can strengthen the cybersecurity bench with internal talent development, including providing critical experience to less-practiced members of the workforce. Incident response drills can be tailored by industry to simulate an attack on complex environments.

4. Assess Potential Hires

Cyber range simulations provide an opportunity to assess individual strengths, give feedback to current employees and assess prospective hires during a job interview. Range simulations can also help identify high-potential job candidates who may lack traditional technical backgrounds based on how they communicate and collaborate under pressure.

5. Test New Ideas and Tech

Simulated cyber response scenarios enable security leaders to evaluate new technologies in a real-world situation before those solutions are brought into production. Simulation is a low-risk, low-cost way to incubate sophisticated ideas and learn from failures. Technologies and concepts that pass the range can be scaled to the enterprise security strategy when you’re confident the IR team is ready.

6. Train Non-Technical Staff

Incident response simulation doesn’t just benefit SOC employees. The most effective range exercises unite security and business specialists by bringing the entire playbook to life. This can provide valuable learning experiences for leaders from legal, human resources, communications and finance. In a cross-functional exercise, business leaders may be tasked to create a business response based on SOC analysts’ reports and assess risks.

7. Replicate Sophisticated Attacks

Cyber range simulations can immerse your team in an attack scenario that leverages sophisticated machine learning, artificial intelligence (AI) or another advanced persistent threat (APT). A simulated APT allows you to validate your security ecosystem and playbook in the face of a highly targeted attack.

8. Strengthen Security Leadership

“The true test of leadership happens in the arena,” wrote former IBM Security Vice President Caleb Barlow. “Every tough situation needs leaders.”

Cyber range simulation can allow you to assess how your security and business leaders respond to an attack in an interactive environment. Executives will need to step up to address media relations, team communications, technical processes and business risks.

9. Improve Security Culture

Range simulations can reveal some important truths about your response team. Technology and process are important parts of cyber resilience, but culture is equally important. Your playbook doesn’t matter if your team can’t collaborate effectively. Sixty-five percent of SOC leaders say they plan to hire more employees with soft skills such as interpersonal communications and teamwork this year, according to Exabeam.

Culture and team cohesion can have an influence on how your team responds under pressure, and whether your response follows your playbook or goes off the rails. The cyber range can reveal any team incoherence and help determine whether you’ve hired the right mix of technical and interpersonal skills.

10. Practice Your Playbook

Understanding gaps in your incident response plan is a major benefit of cyber range simulation. You’ll emerge with knowledge of areas where you need more technology, skill or better-refined processes. You’ll discover whether your team even pulls out the playbook when the simulation goes live. A cyber range builds muscle memory when it comes to following your IR plan, so your team won’t be fumbling for answers when seconds count.

Test Your Cyber Resilience on the Cyber Range

Even a bulletproof IR plan can crumble if your team isn’t prepared to pull out the playbook under attack. Running battle drills on the range allows you to understand whether your playbook offers sufficient protection against sophisticated threats and if your team is prepared to take action. Tabletop exercises and technical training are important, but they can’t replicate the heart-pounding, real-world impact of a cyber range. Immersive experiences led by experts can help you prepare your cross-functional teams for any cyber incidents on the horizon.

More from Incident Response

Cybersecurity crisis communication: What to do

4 min read - Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication. Because a brand’s reputation often takes a significant hit, a cyberattack can significantly affect the company’s future…

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

What we can learn from the best collegiate cyber defenders

3 min read - This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migrational period and, as an added bonus, the networks were simultaneously attacked by a group of red…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today