Exercises Can Help Organizations Train for Wide Range of Cyber Threats

It’s no secret that cybersecurity has become a more pressing issue over the past decade. According to a PWC Global State of the Information Security Survey in 2015, the number of cybersecurity incidents has increased at an annual rate of 66 percent. Both the range and complexity of cyber threats are expanding—from ransomware to compromises of critical infrastructure.

Yet, when those threats materialize, too few businesses and government entities have developed the protocols needed to escalate resources, coordinate support, and respond to an attack. While the need for these strategies has spanned more than a decade, it is even more imperative now as we confront a growing array of threats.

Ten years ago, Norwich University Applied Research Institutes (NUARI) launched the DECIDE Platform, with support from the Department of Homeland Security, to challenge leadership to engage across their organizations and respond to crippling cyber attacks. It is critical that the entire firm be prepared to respond in the event of a cyber breach.

Related story: Security awareness training is becoming a vital security tool

While DECIDE was initially developed to engage the financial markets and support critical infrastructure, the platform has migrated to engage leadership across continents, supporting their teams’ and individuals’ cyber preparedness. To do this, DECIDE offers a wide array of cutting-edge threat scenarios, ensuring entities can test their decision-making capabilities and enhance strategic communications. Organizations can develop comprehensive response plans that address previous vulnerabilities head-on.

Simulation pays off

When a cyber threat hits, there is no time to lose. Firms must take proactive opportunities to identify the gaps and needs that otherwise lead to business disaster. DECIDE offers firms the chance to simulate a particular scenario time and again to ensure they make the right decisions in the heat of the moment.

However, that is not enough. DECIDE also offers evaluation tools and after-action reports for each exercise, both of which contain insights that become the core elements of a firm’s optimal response playbook. And the playbook grows over time, containing plans to deal with supply chain hardenings or ransom demands. In turn, organizations can use those plans to deal with the triad of cybersecurity threats to confidentiality, integrity and availability.

Such a roadmap also ensures individuals across an organization understand their role in the face of an attack. From the operations and information security analysts to those in the business office, every employee must be aware of how to better counter cyber threats.

No weak links

That threat also can escalate and extend beyond the contours of a particular organization. It is why each of those individuals must be at the ready to coordinate with partners and entities across sectors, seamlessly coordinating a response to mitigate the impact of an attack.

DECIDE provides large-scale exercises in which they can perfect that response. Consider the Quantum Dawn series, which, over three iterations, has helped the financial sector develop effective response strategies and market mechanisms. Then, there is the Critical Infrastructure Protection Exercise series, where organizations from across sectors can ensure they know how to act in the face of an escalating threat.

Beyond DECIDE, NUARI builds customized education products for military, academia and private sector firms. These cybersecurity and critical infrastructure focused courses get to the core mission, ensuring organizations can build resilience across their teams and support individual preparedness against the next cyber threat.

Even though both the range and complexity of cyber threats continue to expand, stakeholders across sectors can now build the toolkit and develop the protocols to effectively respond in turn.

Phil Sussman, president of Norwich University Applies Research Institute, contributed this guest essay, which originally appeared on ThirdCertainty.com.

By Phil Susmann