How well prepared are you to handle incidents?
In a connected world, it is difficult, if not impossible, to completely eliminate the risk of suffering any type of information security incident. Far from all companies have a plan for what to do when such an incident occurs. Even fewer practice this plan.
Do you have a routine for handling incidents and are you sure that all key personnel can handle their roles.
Secify’s Cyber War Game
Companies are being pressured to move towards an increased digital presence. The shift opens up an increased risk of cyber-attacks and other information security-related incidents. What do you do if you discover that you have leaked personal data or received a ransomware? How does management handle communication with suppliers, subcontractors and customers as well as internally with employees? What happens if the rumor spreads and the press calls, what do you say and what do you leave out?
It is only through practice that we can become better at handling incidents. The way we practice is similar to a fire drill; an incident occurs that you are forced to act on. The entire exercise is predetermined and has a planned course along the way with a series of different events and moments that you will be forced to act on.
Our cyber war game:
- tests, among other things, action plans and routines.
- identifies if knowledge is lacking to handle incidents.
- increases management’s understanding of how important cyber security is to the organization
- gives an indication of how easy it is to lose control of an incident.
Often what happens after a real attack can be at least as, or even more costly than the attack itself. Sanctions can be about everything from employees feeling unsafe in their workplace and starting to look elsewhere, to the media getting wind of the attack and calling and asking questions. We have seen on several occasions that an ill-considered comment to the press can in many cases lead to a wave of bad PR and, in the worst case, to customers simply changing their image of the company. It is therefore important that you understand what the effect of a cyber attack can be and that you prepare so that it can be handled in the best possible way.
Do you want to know more?
Get in touch with us and we’ll tell you more about how it works.
“This was a good way to kick-start the dialogue around security. We first wanted to raise awareness because safety has always been important to us. What happened after the game was that our info bag trip got a real boost. We also got a positive feeling after the game and an increased understanding that this is something that can really happen. Now, among other things, we have appointed an information security manager who sits on the business side. ”
– Adela, Head of IT at OHB Sweden
Några av våra kunder
Two types of Cyber War Games
Right now you can choose between either focusing on a GDPR-incident, or a cyber attack. Both games have roughly the same setup and goals. What sets them apart is the challenges they face. The GDPR game is more about leaked personal data than the cyber attack game, which is about a regular cyber attack.
Shortly after lunch, an employee calls. An anonymous source announces on Twitter that it has the entire company’s personal data records. Customers, addresses, social security numbers but also more sensitive data such as notes are said to have been leaked. What do you do?
It’s Friday, it’s 3:27 p.m. and some of the colleagues have signed off for the weekend. You are finishing work when the IT manager calls. Out of breath, he tells us that there was a cyber attack on the company and some information may have been leaked. What do you do?