Protect Your Business: Mock Cyber Attack

Having a plan is better than not having a plan, right? Most people would agree with this. But, is the existence of a plan enough? Having a plan that hasn’t been tested and vetted is like reading the instruction manual for a fire hose while the building burns to the ground. Without testing and real-world practice, how would a plan’s flaws and weaknesses be corrected, let alone found in the first place?

As stated in a previous blog, your business is much more likely to be the target of a cyber attack than you think (14 million of the 28 million small businesses in existence have been hacked). This is why it’s important not only to have adequate protections in place, but also to have a plan of action for when your protections fail. This plan, however, must be tested, and all employees must know their individual course of action when/if your business needs to go into cleanup and repair mode. This is why testing your cyber plan with a mock cyber attack is important: it’s in those situations that you’ll learn what you’re missing, what you do well, and what you need to do better.

Keep in mind, this blog is not a detailed guide on how to establish a mock cyber attack; it is meant to inform you why conducting one is necessary.

Why A Plan Just Isn’t Enough

Regardless of how careful or intelligent the drafter of your cyber response plan is, there will be important factors that will be missed, downplayed, or flat out wrong. Will departments that typically do not interact be interacting? Do they know how to work together? Do they speak the same lingo? Does everyone know their role? How could an attack impact the customer? These are just a few of the questions you’re trying to answer with a mock attack. Finding out there is a discrepancy during testing is what you want, because then you’re one step closer to fixing it.

Reasons you’ll want to test your business’s cyber response plan:

  • Find flaws and inaccuracies in the plan
  • Cement roles & responsibilities
  • Figure out departmental overlap
  • Identify which departments must communicate
  • Cement response and action time-tables
  • Determine communication breakdowns
  • Determine how attacks might affect customers
  • Identify key components unique to your business that may be unaccounted for

Establishing A Mock Cyber Attack

Preparation is extremely important to ensure that management learns as much as possible. With that being said, no one in your business can know any of the details regarding the attack ahead of time. Previous knowledge of the attack details would give the business an advantage that doesn’t exist in the real world, thus nullifying useful takeaways. Also, when an attack occurs, it’s an all-hands-on-deck situation, so management will be involved just as much as any other employee. This means that the mock attack must be planned and administered by an unbiased third party. It’s the third party’s responsibility to set up everything, update info as it comes along, and simulate what an attack would be like in real time. The only thing you and your business would know is the day the attack would occur, to ensure that normal operations can be temporarily suspended to fulfill the obligations of the mock attack. This is about the only exception that can be made for knowledge regarding a mock cyber attack.

To prepare for a mock attack you’ll need:

  • An entire day devoted to the mock attack
  • A plan developed by a third-party expert, complete with stages and developments
  • A plan that is tailored to your unique business and data
  • All hands on deck; you’ll need all employees involved
  • A core response team with distinct roles and responsibilities
  • Readiness for departments to work both exclusively within themselves and simultaneously with other departments; inter-department communication is key

What to Expect

These attacks are usually about one thing: money. That means that hackers will target data that is worth something to your company (and hold it for ransom) or something the hackers can use outright (credit card data). This means that your response in plugging the leak and alerting vendors and customers is of paramount importance. Keep in mind, most of these tasks will be happening at the same time alongside other tasks. Also, circumstances could change at the drop of a hat when new information is learned. Employees will have to be ready to wear several hats and multitask. Most important, however, is for your business’s response to be natural. This means expecting and welcoming errors of all sorts. This is the entire point of the mock attack and the only way your business will come out of it stronger.

There are several things your business and its employees will want to accomplish:

  • First and foremost, expect and welcome errors, communication breakdowns, and omissions. This is what it’s all about
  • Change ALL passwords. This is especially important at the beginning when little is known about how the attack occurred and what was obtained
  • Find where the weak point is and plug it up; make sure no more data can be extracted
  • If important customer data is stolen, a quick media response will have to be made. Customers will be angry regardless; mitigate the level of their response by being honest and timely
  • Do everything you can to protect your clients and business partners. The last thing you want is potential future lawsuits.
  • Consider how this could/will affect vendors and business partners
  • Contact banks and make sure any company credit or bank account information is protected and/or frozen
  • Pay attention to news sources and information learned from the more technical side of the team. This new info could change your response and the response’s focus
  • Add any and all protections necessary to make sure a future or follow-up attack does not and cannot occur

Not If, But When

The last thing any business wants is to go through a real attack. It’s disruptive, dangerous, and could permanently damage a business. Some businesses think that spending time and money on a mock attack is a waste of time and disruptive to normal business. There’s no doubt that we wish these preparations and precautions weren’t necessary, but unfortunately they are. If you haven’t had hackers probe or attack your business already, chances are it will happen to your business at some point in the future (even if you have already been attacked, it can happen again). This isn’t meant to scare you, but to inform you of the risk faced by all businesses in this day and age. This is why having a plan and testing it are absolutely necessary for every business.

Remember, it’s not a matter of if, but when… Ensure that your business is in the best place possible.