Practice: The Best Defense for Responding to Cyber Incidents
First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in the face of such danger? One word: practice. And this lesson is translating to the private sector in areas you wouldn’t normally expect.
A New Type of Training for Cybersecurity
One area is in cybersecurity, where tabletop exercises have been the norm for the past decade to help teams prepare. These paper-based exercises are kind of like a table read that actors do before they film a movie or TV show. They can be dry, lacking authentic feeling or emotion.
Last year IBM introduced the world to the industry’s first commercial cyber range at IBM X-Force Command in Cambridge, Massachusetts. The facility immerses teams from all walks of a company — security, boards of directors, IT, HR, legal, communications, etc. — into a real-life cyberattack. The experience teaches the importance of leadership in crisis and the critical role of communications during an incident.
The need to practice is acute, with 2 out of 3 security professionals admitting in a recent survey that their organizations aren’t prepared to appropriately respond to a cyberattack. Some recent headline-making data breaches have shown that the response to a breach can often make it worse for the impacted company.
Practice Makes Perfect for NBC
NBC’s Today Show was recently given exclusive access to an exercise run for 30 members of the Financial Services Information Sharing and Analysis Center (FS-ISAC). Members experienced a cyberattack on a fictitious bank and were thrown into action over several hours. See how they responded and the lessons learned.
To learn more about IBM X-Force Incident Response and Intelligence Services (IRIS), please visit the X-Force IRIS website.