In today’s cyber security scenario, it is very widely accepted that almost every company will be hacked with any digital capabilities – it is a ‘wan’ if it is not a ‘if’.
This does not mean that an attack should be disastrous, even if it is successful – and it is the place where firms like sempice come.
Tekardar Pro To discuss the preparation of ransomware recently, Infoserity joined the sempice in Europe, and then experience this first hand in a ranging tabletop simulation, using red and blue teams like a strategy like red and blue teams in these scenarios.
Basic structure under fire
“It is unfortunately not so difficult to catch and compromise a tenant,” the Principal Technologist EMEA Guido Grinmeer of Campperis; “This is a landscape in which no one wants to be, but the reality is Does Happen. Even as soon as we speak, someone is dissolved and taken out. What do you do then? You have to make your disaster recovery plan. ,
In tabletop simulation, industry experts were divided into two separate teams – a Red Team (Rainmware Group) and a Blue Team (The Defenders), in this case, a cyber security team that protected a water facility.
Using a water facility was an important aspect of simulation – important infrastructure has faced an unprecedented number of cyber attacks in recent times, and restrictive red tapes, as well as lack of money and skills make the public sector particularly weak, describe Granmier;
“Therefore the public sector, they are more than the bureaucracy, so they are capable, by producing all kinds of documents, to check the boxes that they close, but it does not prepare them well for the true disaster. We are also involved in some event response cases in the public sector, where there is a lack of technical skills.”
Protection of public facilities such as water treatment plants or reservoirs can mean the literal meaning of life or death to those who are important – and readiness, learning to monitor their system, and know the weaknesses, and know the weaknesses, call Grillanmeer.
“One thing is to understand the weaknesses, the second thing is to understand an ongoing attack. You have to find that needle, as is different from the ideal,” they explain.
During this exercise, the Red Team discovered their motivations, drawing from the real -world experience of those in the room, and eventually demanded a heavy ransom from the water company (a one who matched the insurance payment!). The Blue team finally refused to pay the ransom, but both teams were certainly placed on their toes.
Bring orders in chaos
The ransomware attacks are unpredictable, so Sempiris threw some wildcards in both teams, but the beauty of this practice is that both teams have to be one step ahead a step ahead, and think creatively what their next step could be.
Campperis are adept at these conditions, and provide equipment to help companies prepare and recover.
“We often call customers to support them in such scenarios to go back to their feet,” says Grillamier. “If a company has been completely erased, there is nothing. All on-rich systems have been erased, gone, and it happens in reality.”
Campperis recently launched its ready 1 tool, a safe platform that ensures ‘spontaneous crisis reaction’ through preparation, cooperation and enterprise-wide communication.
When (if not!) Your outfit experiences an attack, and is cut off from the system and data, then Ready1 keeps the important information of your organization, the event response plan and cyber preparation plans – downtime, regulatory fines and data reduces the risk of exposure.
“In a true disaster, you need a supporter on your side,” the argument of Grillamier. “Pro is the boy who helps you prepare. Then you have a ready, to store that knowledge for you, to store procedures, then there is a central platform to kick them, when you need them.”
But, good tools are a small part of the equation – as a granmier jokes; “A fool with a tool is still a fool”.
Campperis ‘research found that 96% of companies have a cyber response plan, which is very good – but 71% also experienced at least one’ high -effects ‘cyber phenomenon, which prevents’ important commercial functions ‘in the previous year’ – so clear response plans are not sufficient.
There are a few reasons for this. Obviously, one of the primary purposes of cyber attack is the cause of downtime, so it should not be very surprising that they are sometimes successful.
However, security teams report that cross-team communication intervals (48%), vague roles and responsibilities (41%), and much more uneven equipment (40%) factor in downtime, and can be avoided by good preparation.
This is a major part of why the Dora regulation of the European Union has given mandate to the operational flexibility test as part of its main requirements. The test should be conducted by an independent unit, whether it is internal or external, so such tabletops are important for the financial industry (and beyond).
“Dora must first be ready to prove that you are ready – and then during a disaster to prove what you have done. It does all this and it reminds you that you have to do these tasks,” Grilynmeier confirms.
In this exercise, teams have a lot of real-world experience in defending ransomware and cyber attacks, and such simulation helps them to attach them seriously with all different sides of an attack, which is probably used in more comfortable environment, and they can detect different paths of defense and attack more independently.
