Cyber War Games

Introduction

What would you do if you encountered an incident?

In a connected world, it is difficult, if not impossible, to completely eliminate the risk of experiencing some type of information security incident.
Far from all companies have a clear plan for what to do when such an incident occurs. Even fewer practice this plan.
Do you have a routine for handling incidents, and are you sure that all key personnel can handle their roles?

Kontakta oss

Vill du veta mer om våra tjänster och lösningar? Kontakta oss så hjälper vi dig.

Our service

Secify’s Cyber War Game

Companies are being pushed towards increased digital presence. This shift opens up an increased risk of cyber attacks and other information security-related incidents. What do you do if you discover a data breach or a ransomware attack? How does management handle communication with suppliers, subcontractors, and customers, as well as internally with employees? What happens if the rumor spreads and the press calls, what do you say and what do you avoid saying?

It is only through practice that we can become better at handling incidents. The way we practice is similar to a fire drill; an incident occurs that you have to respond to. The entire exercise is predetermined and has a planned course of events with a series of different scenarios and moments that you must act upon.

This is what our Cyber War Game does

Tests action plans and procedures

Identifies gaps in knowledge for handling incidents

Increases management’s understanding of the importance of cybersecurity for the organization

Provides a realistic view of how easily control over an incident can be lost

Execution

Two Games

Currently, you can choose to focus on either a GDPR incident or a cyberattack. Both games have roughly the same structure and goals. What differentiates them are the challenges faced. The GDPR game deals more with leaked personal data, while the cyberattack game is about a straightforward cyberattack.

GDPR Incident

Shortly after lunch, an employee calls. An anonymous source announces on Twitter that they have the company’s entire personal data register. Customers, addresses, personal numbers, and even more sensitive data like notes are said to have leaked. What do you do?

Cyberattack

It’s Friday, 3:27 PM, and some colleagues have already clocked out for the weekend. You are wrapping up your work when the IT manager calls. Breathlessly, he tells you that a cyberattack has occurred against the company, and some information may have leaked. What do you do?

Consequenses

Prepare so you know what to do

Often, the aftermath of a real attack can be just as, or even more, costly than the attack itself. Consequences can range from employees feeling unsafe at their workplace and looking for other jobs, to the media catching wind of the attack and calling with questions.

We have seen on several occasions that an ill-considered comment to the press can often lead to a wave of bad PR and, in the worst case, to customers changing their perception of the company. Therefore, it is important to understand the potential impact of a cyberattack and to prepare so that it can be managed in the best possible way.

Hör av dig!