How to test your Incident Response Plan

How well do you think your company can handle unexpected security troubles? Most companies are pretty confident about their abilities, especially if they have never encountered a serious incident. Unfortunately, the quality and speed of their incident response remain purely theoretical. Blissfully untested. Woefully untrained?

Mapping your security capabilities: the options

There are some options to test your security capabilities. You could take matters into your own hands and start clicking on random spam mails, or change your password to all-time password favorites such as “qwerty” or “password.” Perhaps trying out that weird USB drive that’s been lying around the parking lot for the past few weeks? This should trigger at least some kind of security shenanigans for your Incident Response team to handle. Your coworkers might, however, not be as pleased with your achievement once your one-person operation causes them inconvenience or even actual damage to the systems.

So maybe randomly starting an incident is not the best way to go. Are there other options? Of course, there are. You can get a pack of experienced penetration testers to push your company’s security to the limit in an unrestricted penetration test and let the Incident Response team handle whatever mayhem they might cause. It will give you a pretty good, first-hand experience of what it feels like to be relentlessly targeted and attacked, while you can be sure that your company’s treasures remain safe even if your security walls and moats should fail.

Lean back & get attacked

What if, on the other hand, you could experience the effects of a cyber attack from a comfortable chair in your meeting room, without repercussions on your actual network or systems? One of our Incident Response Workshops might be just the thing for you. Much like a game of Dungeons & Dragons guides you through storytelling adventures including orcs, wizards and treasures, an incident response workshop dips you into lifelike incidents where things are not always what they seem, and your incident response plan is put to the test. You start at the first signs of an incident, and will have to make decisions, delegate, and investigate. As new information seeps in, you might have to change course, take immediate action, or decide to communicate with external parties.

“The Incident Response party at RandomCo encounters strange activities on one of their servers. The IT manager puts a team member on the investigation of the server, while the network documentation is fetched to identify the impacted application(s). Meanwhile, the DPO prepares an initial incident report. As the application owner is summoned, the investigation reveals that the data on the server has been taken hostage by rogue ransomware. This information indicates a much more serious incident than previously thought…”

What steps will RandomCo take to handle this situation? What would you do? Would you be isolating servers, retrieving backups, and calling in the forensics team, or would you be pulling plugs, paying the ransom, or finding your company secrets on the internet?

The ZionSecurity Incident Response workshop will show you how well you are prepared for the unexpected and includes a report on your Servers & Hackers adventures with detailed recommendations. Get in touch with our CyberSecurity Advisory team via [email protected] for more information.