Why we host simulations

Cyber Simulation Events

As we have started to advertise our forthcoming series of Cyber Crisis simulation events, lots of people have asked me about the benefits of these events and why we host simulations as part of our Cyber Security Awareness Month event plan.

My immediate response is that it is widely recognised that cyber crisis simulations are an effective tool for businesses and teams to develop their understanding of how to prepare for and protect their businesses from cyber incidents. If we want people to understand the importance of being prepared for a crisis, it is useful to help them understand how it feels to be responsible for managing a crisis and what is required of them in doing so.

What is a crisis simulation?

A simulation involves participants being immersed in a fictitious scenario, inspired by real-world events, allowing them to influence the outcome of the scenario as they respond to each “inject” (an inject is a specific stage of a simulation, often when new information comes to light or the business experiences further impact of a cyber event).

Participants respond to these “injects” by acting to isolate the threat and mitigate further damage.¹

Those taking part in the simulation have the opportunity to share their intended response after each inject and, in the case of our forthcoming series of events, have the opportunity to consult an expert panel of advisors who provide advice and guidance during each injest, effectively evaluating each team’s simulation response in real time as the mock crisis unfolds.

Why do we host crisis simulations?

The UK’s National Cyber Security Centre (NCSC) recommends that organisations regularly undertake simulations to maintain and improve their incident response capabilities.²

As I previously mentioned, cyber crisis simulations are a valuable tool for boosting an organisations cyber resilience. The UK’s National Cyber security Centre (NCSC) strongly recommends that organisations regularly undertake simulations to maintain and improve their incident response capabilities.³

Investing in your organisation’s cyber incident preparedness is equally as important as investing in your cyber security controls and incident prevention.

All too often I see organisations rely on a tick-box approach to incident management preparation and business continuity, where they have long-forgotten procedures in place, languishing in folders. When a crisis happens, if the plans haven’t been regularly reviewed and tested, businesses don’t pay much attention to these plans and those teams who are responsible for incident management “start again” when agreeing their response, which elongates the time taken to formulate plans, seek the relevant approvals and respond to the crisis.

By hosting effective and regular simulations, we are able to develop confidence amongst participants,  enhance organisational resilience, strengthen the understanding of key stakeholders and clarify roles and expectations within the crisis management plan.⁴

What are the benefits of cyber crisis simulations?

It is clear there are a multitude of benefits for running cyber crisis simulations: they are a critical component of an organisation’s training and cyber preparedness plans. Cyber crisis simulations are a great way to engage employees to understand the impact of cyber events, in a safe and controlled environment. Running professional cyber crisis scenario events:

• Enables individuals and teams to experience the impact of a cyber crisis on their business – in a controlled and safe manner
• Develops organisation’s understanding of the efficacy of their plans
• Enables organisations to understand the importance of an effective cyber crisis communications strategy and plan to support the successful implementation of their cyber crisis response
• Enables businesses to test their existing cyber crisis and incident management plans and to identify improvements that they can make to
• Provides businesses with valuable training to develop confidence and teamwork in cyber crisis management

Soteria’s experience in hosting cyber simulations

Soteria has recent and extensive experience in hosting cyber crisis simulations. We run simulations with scenarios tailored to a range of professional industries and for a number of global clients.

Notably, we are working with the Jersey Cyber Security Centre to host a programme of cyber simulation exercises as part of Cyber Security Awareness Month this October. If you’re a professional seeking to improve your understanding of how to prepare steps to protect your business from cyber incidents, then our Cyber Security Security Awareness Month programme is for you. For more information and to secure your place, visit: https://jcsc.je/latest/events/cyber-incident-response-exercises-october

Author: Lynne Capie
Researcher: Jacob Low