The Future of Breach Preparedness

Share this post:

A crucial element for any organisation’s resilience is the ability to put comprehensive plans and preparation exercises through rigorous real-world scenarios.  Scenario planning and training is the norm for the emergency services, armed forces, and airline industry to name a few.

Information technology and cybersecurity industries historically have not been at the same level of maturity as the aforementioned examples. This was recognised by IBM as a unique need in the marketplace.  This resulted in the development of the IBM® X-Force® Command Cyber Tactical Operations Center (C-TOC).

The primary mission of the C-TOC is to deliver immersive training in the most realistic cyber-attack simulation possible, helping organisations practice and improve their response to cyberattacks.

These simulations are delivered in the industry’s first mobile cyber range and watch floor encapsulated into a 23 tonne Mercedes-Benz truck that can be made available to clients globally. When not working with clients, the C-TOC travels to academic institutions, industry and community events for training and awareness activities.

There has been unprecedented demand for the C-TOC to travel across Europe, testing board members, technology and business executives in their ability to respond to a cyber crisis. I was personally involved in attending this immersive training cyber range for multiple financial services (FS) clients.

In these sessions the following observations were made:

1. Change in mindset and methodologies are needed

The FS industry is built upon complex methods of managing risk associated with the instruments they trade using well established mathematical modelling.  However, cyber risk management techniques and management processes are currently worlds apart.  To remedy this a change in focus is needed from the board downwards focussing on building resilience in the delivery of business services.

2. Cyber risk poses a severe risk of systemic failure

Firms should prioritise their most important business services, then gain a comprehensive view of the intricate web of systems and processes that support them. These could be internal or outsourced, either way all of which are vulnerable to disruption and require contingency planning and testing.

3. Tough decisions need to be made quickly

Executives are under pressure to make important decisions  with unconfirmed or validated information available, our scenarios highlighted the need for a stronger regime of planning and testing of a range of cyber breaches/attacks. Risk based scenario exercises need to be developed and regularly tested with a variety of business stakeholders.

4. GDPR is making Business Continuity Plans and Disaster Recovery efforts difficult

Organisations recognise that partnerships between cybersecurity and privacy teams can improve breach response activities. Given that organisations have a regulatory requirement to provide notification within 72 hours, sharing of fact-based information relating to a breach is necessary to qualify and quantify the scope and impact. However, in practice this partnership proved to be uncoordinated.

5. Automation for incident response is undeveloped and unutilised

Enabling security technologies that augment or replace human intervention when responding to cyber breaches are not currently utilised or planned to be deployed by most organisations. These technologies would utilise artificial intelligence, machine learning, analytics and orchestration to aid in breach response.

For more information on how our clients and other global organisations are building cyber resilience see the IBM Security and Ponemon Institute fourth annual study on the Cyber Resilient Organisation.