Relying on IT departments to manage a cybersecurity incident is a thing of the past. Senior leaders of a large national banking, financial services and insurance (BFSI) organisation took steps to proactively develop a Cybersecurity Incident Response Plan (CIRP), involving multiple IT and non-IT departments and incorporating the CIRP as part of the broader Business Continuity Plan.
Validation of Existing Cyber Crisis Management
With the CIRP in place, the organisation needed to validate the plan, but their environment was not suited for simulated cyberattacks. The ask was to provide a non-biased evaluation of both the technical and business teams' ability to detect, contain, eradicate and report on successful cyber breaches, and to assess the technical competency of their cyber defence team to manage cyber incidents effectively and efficiently.
Strengthening through an organisation-wide cyber warfare exercise
Combining the benefits of both the cyber range and a tabletop exercise, a 3-day exercise delivering real-world simulated cyberattacks of increasing complexity was conducted. The technical teams had their technical and procedural capabilities assessed; concurrently, the business teams were exposed to, and assessed on, the effects of these hacks and other social injects. Multiple after-action debrief sessions were conducted, where technical and procedural gaps were surfaced and recorded for remedial action. With the consolidated findings and recommendations given to the board of directors and participating teams, the organisation has since strengthened their cybersecurity policy, behavioural strategy and detection processes.