Cyber Security Fire Drills

Wonder how vulnerable your business is to cyber attacks? Cyber Security Fire Drills are one way to help make sure your systems don’t get scorched.

If to be forewarned is to be forearmed, then when defending against Cyber Threats it makes sense to know exactly where your weaknesses are. As mentioned previously, 90% of exploits are from known vulnerabilities – so it’s a no-brainer for you as the data owner to know just how vulnerable your infrastructure is to a potential breach.

Although operationally efficient, patching your servers and desktops and reviewing your firewall configuration periodically will not stand up to the scrutiny of running a “Vulnerability Scan”. By revealing the number of so-called “Critical”, “High”, “Medium” and “Low” vulnerabilities, such a scan identifies where the most pain is so that you can remediate effectively.

In many cases remediation would of course include patching to close up security gaps; however, ongoing configuration changes will also be needed to keep up with ever-evolving and newly discovered threats.

According to the Cyber Security Breaches Survey 2016, 26% of senior management are never given updates on Cyber Security, and only 16% are given updates on a monthly basis. How refreshing would it be for you as the company director to be in that 16% who know on a monthly basis exactly how vulnerable their environment is?

This is a drill, repeat this is a drill!

We’ve all been on the phone at some point when the fire alarms go off. “Excuse me, I’ll have to call you back…” is usually the response. Then, with a minimum of fuss, we would all quietly file out of the building and congregate in a pre-designated area awaiting further instructions.

After various checks were completed we would be informed that we were all present and accounted for, along with the time it took to complete the drill. Lessons learned would be taken away and implemented next time.

According to Sophos, 90% of breaches are from exploits and 90% of exploits are from known vulnerabilities; however, 66% of IT staff lack Incident Response skills.

The difference between a fire drill and disaster recovery in this example is that the building did not actually burn down, nor did staff need to be relocated; however, in terms of Incident Response it was critical to know how we would react in the event of alarms going off.

I would recommend that you review all of your internal procedures (not just “DR”) and, where appropriate, implement a “Cyber Security Fire Drill Schedule” that actually tests your reactions to configured alerts and the scenarios that trigger them.