Posted By: ECT News Network on 08/23/2017 in Security

How to Sharpen Security Response Capabilities

An article from the E-Commerce Times by Ed Moyle, Director of Thought Leadership and Research for ISACA, explains how a "tabletop exercise" can be both an important and a fun way to improve an organization's security posture.

Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally.

For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecurity" survey experienced a ransomware attack in 2016, and 53 percent had a formal process to deal with it. While ransomware is already a big deal, it is set to become an even bigger deal down the road.

One of the questions organizations ask is what steps they can take to keep themselves protected. Specifically, what can they do to make sure that their organization is prepared, protected and resilient in the face of an outbreak?

A strategy that can work successfully is the long-tested "tabletop exercise" -- that is, conducting a carefully crafted simulation (in this case, a ransomware situation) to test organizational response processes and validate that all critical elements are accounted for during planning.

This strategy works particularly well for ransomware because it encourages direct, frank and open discussions about a key area that is often a point of contention during an incident: the ransom itself.

The Tabletop Exercise

Invariably, in the context of an actual ransomware incident, someone will suggest paying the ransom. Sometimes it's a business team that sees the ransom as a small price to pay to get critical activities back on track. In other cases, it might be executives who are eager to defer what is likely to be a long and protracted disruption to operations. Either way, paying the ransom can seem compelling when the pressure is on and adrenaline is high.

However, most law enforcement and security professionals agree that there are potential downsides to paying the ransom. First, there is the possibility that attackers won't honor their end of the deal. A victim might pay them but lose its data anyway. Even if the attacker should follow through, there is the danger of creating a perception that the organization is a soft touch, which could induce attackers to retarget it down the road.

An organization might make a decision when feeling ransomware pressure that it would not make when thinking it through calmly in the abstract. That is why working through the issues ahead of time can be valuable.

The exercise prompts discussions about these topics and fosters calm and rational decision-making. Further, it helps familiarize critical personnel with response procedures, pre-empting "hair on fire" behavior if an actual crisis should occur.

Ransomware is only one area where a tabletop exercise can provide value. In fact, many aspects of an organization's security posture can be tested in this way. An organization can employ tabletops to examine everything from business continuity to disaster preparedness to distributed attacks, using a structured tabletop exercise. It's also possible to test general response communication channels for unplanned situations with no explicit response procedures established -- for example, the kidnapping of key personnel traveling abroad.

Read the entire article on the E-Commerce Times

Ed Moyle is general manager and chief content officer at Prelude Institute. He has been an ECT News Network columnist since 2007. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit and secure solutions development. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the information security industry as author, public speaker and analyst.

