Today, a stark disconnect exists between the inadequacy of crisis exercising and the desire to build an effective cyber crisis response function, according to an Osterman Research study.
The report into senior security leaders at 402 organizations with an average of 1900 employees in the US and UK found nearly 40% are not fully confident in their teams’ training to handle a data breach if one happened that week.
A spike in ransomware attacks
Looking at the evolution of ransomware alone, the number of ransomware detections in business environments rose by 365% between Q2 2018 and Q2 2019, and global organizations have seen a 148% spike in ransomware attacks amid COVID-19.
Meanwhile, more than a third of organizations surveyed say they space their tabletop exercises a year – sometimes two – apart, with 65% consisting of reviewing PowerPoint slides. In fact, slide-based sessions are nearly 20 times more common than practicing simulations and 64% ran three or fewer scenarios during their last exercise.
“With three quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary.”
There is a need for more – and modernized – cyber training across organizations, not just on the security team.
Overreliance on plans contributes to low IR confidence
Despite organizations’ low confidence in their IR preparedness, 61% of respondents think having an IR plan is the single most effective way to prepare for a security incident. In fact, twice the number of respondents thought an IR plan was more effective than regular table-top crisis exercising.
When they do perform crisis exercises, nearly 40% of all senior security leaders surveyed said the last exercise generated no action from the business.
Senior cybersecurity leadership skipping crisis exercises
Only a fraction of the people who will be involved in a real crisis are present in training. A quarter of organizations surveyed ran crisis exercises without senior cybersecurity leadership in attendance, and only 20% of exercises involved communications team members, although the survey showed that impact on brand (47%) is more important in security leaders’ minds when running crisis exercises than share price (24%) or liquidity (27%).
Nearly half of security leaders said their organizations do not have a cross-disciplinary cyber crisis group; of those who do, only 17% met monthly.
The pandemic exacerbates challenges with the human factor
20% of respondents said they find it impossible to effectively involve people in crisis response remotely from other geographies. In addition, the human element of the cyber equation is being overlooked by crisis response exercises, with only 15% saying they are focused on stress testing human cyber readiness.
Technology investments aren’t enough
Technology investments alone can’t save an organization; it’s time to focus on people. Nearly 60% of respondents think the best way to prepare for a crisis incident is to buy more technology, and more are interested in covering themselves legally (38%) than running effective tabletop exercises and fire drills to train their teams (32%).
“Dusting off the three-ring binder crisis plan does not cut it today,” added Hadley. “In the first 30 minutes of a crisis, it is highly unlikely you’re thinking of your plan. It’s the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents.
“Micro-drills, or very focused exercises, designed to address particular risks must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective.”
Immersive Labs announced an industry-first solution to create better-drilled crisis response across institutions of all sizes. Cyber Crisis Simulator will allow people to virtually test their organization’s reactions to the latest real-world attacks and is designed to be relevant to everyone from legal and communications teams, to cybersecurity specialists.
While cyber incidents may be played out on technological platforms, the effectiveness of the human response dictates their impact on company value. Immersive Labs’ new Cyber Crisis Simulator aims to improve this human element.
True to the company’s underlying platform, the product drops decision-makers into a range of real-life scenarios and asks them to make crucial decisions along the way. Choices, such as whether to pay the ransom in a ransomware attack or when to inform the regulator, all impact the team’s overall exercise score and simulated company share price and reputation.
“The success of an organization’s cyber crisis response is predicated on being well-prepared. As we have seen, it can be the difference between successfully addressing an issue and a share price collapse,” said James Hadley, CEO of Immersive Labs.
“Coupled with the pace of the threat landscape, this means regular training for a broad range of stakeholders outside of just technical and security teams is important. This is exactly what Cyber Crisis Simulator has been designed for.”
Until now, this type of in-depth, crisis simulation training was only available via costly, time-consuming table-top exercises. With the Cyber Crisis Simulator, this can be delivered through a browser, allowing senior management a resource that will consistently improve and measure cyber awareness.
Immersive Labs announced Jack Huffard, a co-founder and board member of Tenable, will join its board of directors to help drive growth. This comes on the heels of Immersive Labs’ recent expansion into the U.S. market, backed by Goldman Sachs and Summit Partners with $50M in financing, after four successful years of fast growth and an impressive customer roster in the UK and the U.S.
With the addition to the board of Huffard, a cybersecurity industry business leader who helped Tenable through its fast growth and successful IPO, the Immersive Labs team is well-suited for its next phase of innovation and market leadership.
Huffard also currently serves as a board director for Norfolk Southern Corporation and is a member of the National Security Telecommunications Advisory Committee (NSTAC), helping the US government navigate pressing national security issues and strengthen the country’s emergency preparedness.
Immersive Labs will also be bolstering its Advisory Board with the addition of seasoned cybersecurity investor and co-founder of CyLon, Grace Cassy. From hubs in London and Singapore, CyLon has supported over 100 cyber companies, now collectively valued at over £400M. Prior to this, Cassy spent 10 years in the UK Diplomatic Service.
Greater visibility, measurement, and improvement of cybersecurity skills is becoming a necessity for companies, as bad actors become more sophisticated and persistent.
In order to guarantee an organization’s human readiness against the evolving cyber threat landscape, continuous challenges, scenarios, and crisis simulations are required. Immersive Labs is strongly positioned to help enterprises equip for actual cyber risks and exercise against real-world techniques and threats.
“Immersive Labs has the strong qualities that fast-growing companies require to succeed. Their culture is purpose-driven and they have a customer base that is the envy of many growth-stage firms. There is no limit to their trajectory,” said Huffard.
“As an entrepreneur, I know how difficult it is to produce a product that resonates strongly with customers. CIOs and CISOs now have a platform in Immersive Labs for cyber skills development that will consistently measure, assess, and fortify the education of their cyber talent.”
“We’ve identified the right ingredients, from our people and advisors to our customers, to drive massive adoption of our product and I couldn’t be more excited to have Jack and Grace on board to help lead us in the next phase,” said Immersive Labs’ CEO James Hadley.
“They bring unprecedented business experience and market expertise to our team, which will be invaluable to our success this year.”