Are you really prepared to respond to a cyberattack? You don’t want to discover halfway through a data breach that your incident response (IR) playbook cracks under pressure. Just 23 percent of organizations have a consistently applied cybersecurity response plan, according to IBM Security and the Ponemon Institute’s recent “2019 Study on the Cyber Resilient Organization,” and even fewer firms know if their playbook can perform. What’s more, only 54 percent of organizations with an IR plan regularly test it.
Cyber range simulations help build preparedness by allowing organizations to stress-test an IR playbook in a real-world situation. Immersive training builds situational awareness in a way that’s very hard to replicate with tabletop exercises or classroom training. Simulation leads to on-the-ground experience and offers numerous benefits, including performance data, real-time expert feedback and cross-functional training.
10 Reasons to Visit the Cyber Range
Many security leaders don’t know how their team will perform under attack. You can’t predict whether or not your organization will be a target, but you can predict how you’ll respond if you’re prepared. After observing hundreds of teams on the front lines of an attack, Global X-Force IRIS lead Wendi Whitmore identified five characteristics of the best response teams:
- Tactical skills
- Dynamic technology
- Threat intelligence
- Comprehensive remediation
- Real-world training
It’s simple: Your team needs to prepare to immediately respond to an attack and protect the enterprise. Simulation drills benefit both IR staff and enterprise preparedness, so build confidence in your IR capabilities by paying a visit to the cyber range.
Here are 10 reasons to test your incident response with cyber range simulations.
1. Performance-Based Data
Running drills on the range provides real-time access to performance data, which is a tactical advantage over tabletop simulations. This data shows risks and opportunities across technical, communications and leadership competencies, and how your performance measures up to industry KPIs. Security leaders can take this data directly to business stakeholders to create a plan for urgent action, workforce succession or technological improvements.
2. Expert Feedback
A range can put your team side-by-side with industry experts who have decades of experience in real-world response and threat intelligence. You can learn from individuals who have trained thousands of enterprises on cyber resilience. This provides the opportunity to benchmark your organization against the most mature firms and perform a gap analysis on opportunities.
3. On-the-Job Experience
Simulated work experience on the range is an invaluable training tool for a green security operations center (SOC) staff. Just 2 percent of cybersecurity leaders believe university graduates enter the workforce well-prepared for cybersecurity challenges, according to a recent ISACA study.
Simulations can strengthen the cybersecurity bench with internal talent development, including providing critical experience to less-practiced members of the workforce. Incident response drills can be tailored by industry to simulate an attack on complex environments.
4. Assess Potential Hires
Cyber range simulations provide an opportunity to assess individual strengths, give feedback to current employees and assess prospective hires during a job interview. Range simulations can also help identify high-potential job candidates who may lack traditional technical backgrounds based on how they communicate and collaborate under pressure.
5. Test New Ideas and Tech
Simulated cyber response scenarios enable security leaders to evaluate new technologies in a real-world situation before those solutions are brought into production. Simulation is a low-risk, low-cost way to incubate sophisticated ideas and learn from failures. Technologies and concepts that pass the range can be scaled to the enterprise security strategy when you’re confident the IR team is ready.
6. Train Non-Technical Staff
Incident response simulation doesn’t just benefit SOC employees. The most effective range exercises unite security and business specialists by bringing the entire playbook to life. This can provide valuable learning experiences for leaders from legal, human resources, communications and finance. In a cross-functional exercise, business leaders may be tasked to create a business response based on SOC analysts’ reports and assess risks.
7. Replicate Sophisticated Attacks
Cyber range simulations can immerse your team in an attack scenario that leverages sophisticated machine learning, artificial intelligence (AI) or another advanced persistent threat (APT). A simulated APT allows you to validate your security ecosystem and playbook in the face of a highly targeted attack.
8. Strengthen Security Leadership
“The true test of leadership happens in the arena,” wrote former IBM Security Vice President Caleb Barlow. “Every tough situation needs leaders.”
Cyber range simulation can allow you to assess how your security and business leaders respond to an attack in an interactive environment. Executives will need to step up to address media relations, team communications, technical processes and business risks.
9. Improve Security Culture
Range simulations can reveal some important truths about your response team. Technology and process are important parts of cyber resilience, but culture is equally important. Your playbook doesn’t matter if your team can’t collaborate effectively. Sixty-five percent of SOC leaders say they plan to hire more employees with soft skills such as interpersonal communications and teamwork this year, according to Exabeam.
Culture and team cohesion can have an influence on how your team responds under pressure, and whether your response follows your playbook or goes off the rails. The cyber range can reveal any team incoherence and help determine whether you’ve hired the right mix of technical and interpersonal skills.
10. Practice Your Playbook
Understanding gaps in your incident response plan is a major benefit of cyber range simulation. You’ll emerge with knowledge of areas where you need more technology, skill or better-refined processes. You’ll discover whether your team even pulls out the playbook when the simulation goes live. A cyber range builds muscle memory when it comes to following your IR plan, so your team won’t be fumbling for answers when seconds count.
Test Your Cyber Resilience on the Cyber Range
Even a bulletproof IR plan can crumble if your team isn’t prepared to pull out the playbook under attack. Running battle drills on the range allows you to understand whether your playbook offers sufficient protection against sophisticated threats and if your team is prepared to take action. Tabletop exercises and technical training are important, but they can’t replicate the heart-pounding, real-world impact of a cyber range. Immersive experiences led by experts can help you prepare your cross-functional teams for any cyber incidents on the horizon.
Jasmine Henry (formerly Jasmine W. Gordon) is a Seattle-based emerging commentator and freelance journalist specializing in analytics, information security, ...