8 Cyber Security Drills You Should Run in 2020
People don't really know how their cyber security skills measure up until they've tried them. Everyone would prefer never to face a real cyber security incident, so it's better to try those skills out against simulated threats. People can make mistakes without suffering anything worse than embarrassment, and the lessons they learn will help them deal with real threats when they come.
In a cyber security drill, a "red team" challenges a company's security measures while staying within prescribed bounds; the scope, timing, and off-limits systems should be agreed in writing before the drill starts. IT staff can set up their own red team for some drills, though the most challenging tests come from outside security specialists. After the drill comes a review to find out where people need to improve their skills and where policies need adjustment.
Each type of drill tests a different set of employees and skills. Some affect everyone, while others challenge the skills of the IT team. A drill may be announced in advance or sprung by surprise. The following eight drills will help a business to keep its employees' security awareness up and sharpen their skills.
1. Tabletop Exercises
A company that hasn't run any security drills should start with a tabletop exercise. The participants walk through a hypothetical security incident on paper, saying how they would act. It ensures that they know what they're supposed to do and whom they should contact. A tabletop drill is easy to set up, doesn't disrupt other employees, and establishes some basics. It's a first step toward live drills.
2. Phishing Email
Employees are supposed to be alert to phishing attempts. They shouldn't open attachments or follow links from dubious messages. When people are in a hurry, though, they sometimes forget and go ahead and click, letting malicious software onto their machines. A mock phishing email can carry an attachment or link that alerts the testing team when it's opened; giving each recipient a unique link lets the team see exactly who clicked.
A phishing test can also send the link to a mock login page. Then you can see how many people not only click but go on to enter their credentials. The mock page should record that a submission happened without storing the password itself; a drill that collects real passwords creates a new risk instead of measuring one.
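The tracking described above, as an added example that is not part of the original article: each recipient gets an opaque per-person token in their link, clicks are read back from the web server's access log, and the mock login page handler records who submitted the form while deliberately discarding what they typed. The campaign secret, recipient list, hostname, and log lines are all constructed for the demo.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed campaign data for the demo (not from the article). In a real
# drill the secret is generated fresh per campaign and kept with the testers.
CAMPAIGN_SECRET = b"rotate-this-for-every-campaign"
RECIPIENTS = ["alice@example.com", "bob@example.com",
              "carol@example.com", "dave@example.com"]


def token_for(recipient, secret=CAMPAIGN_SECRET):
    """Opaque per-recipient token embedded in that person's link.
    Keyed HMAC rather than a plain hash, so a recipient who inspects their
    own link cannot derive a colleague's token and report a false click."""
    return hmac.new(secret, recipient.encode(), hashlib.sha256).hexdigest()[:16]


def build_campaign(recipients=RECIPIENTS, secret=CAMPAIGN_SECRET):
    """token -> recipient. Each mail gets a link of the form
    https://training.example.net/click?t=<token> (hypothetical host)."""
    return {token_for(r, secret): r for r in recipients}


# Only clicks are read from the web server log; credential submissions go
# through the handler below so the password never reaches disk.
CLICK_RE = re.compile(r'"GET /click\?t=([0-9a-f]{16}) ')


def record_clicks(log_lines, tokens, events=None):
    """Parse access-log lines and mark each matching recipient as 'click'."""
    events = events if events is not None else defaultdict(set)
    for line in log_lines:
        m = CLICK_RE.search(line)
        if not m:
            continue
        who = tokens.get(m.group(1))
        if who is None:
            continue            # forged or truncated token: not one of ours
        events[who].add("click")
    return events


def record_submission(token, form, tokens, events):
    """Mock login page handler. Records WHO submitted, never WHAT they typed:
    the form fields are deliberately dropped on the floor."""
    who = tokens.get(token)
    if who is None:
        return False
    events[who].add("submit")
    return True


def summarize(events, recipients=RECIPIENTS):
    clicked = [r for r in recipients if "click" in events.get(r, set())]
    submitted = [r for r in recipients if "submit" in events.get(r, set())]
    return {
        "sent": len(recipients),
        "clicked": len(clicked),
        "submitted": len(submitted),
        "click_rate": round(len(clicked) / len(recipients), 2),
        "follow_up": sorted(submitted),   # entered credentials: talk to them first
    }


def sample_log(tokens):
    """Constructed access-log lines: alice and bob clicked, plus one forged token."""
    by_user = {v: k for k, v in tokens.items()}
    return [
        f'10.0.0.21 - - [03/Feb/2020:09:14:02 +0000] "GET /click?t={by_user["alice@example.com"]} HTTP/1.1" 302 0',
        f'10.0.0.35 - - [03/Feb/2020:09:20:44 +0000] "GET /click?t={by_user["bob@example.com"]} HTTP/1.1" 302 0',
        '203.0.113.9 - - [03/Feb/2020:09:21:00 +0000] "GET /click?t=0000000000000000 HTTP/1.1" 302 0',
    ]


def run_demo():
    tokens = build_campaign()
    events = record_clicks(sample_log(tokens), tokens)
    # alice follows the redirect to the mock login page and types a password
    record_submission(token_for("alice@example.com"),
                      {"username": "alice", "password": "hunter2"}, tokens, events)
    return summarize(events)


if __name__ == "__main__":
    print(run_demo())
```

Running the demo reports four mails sent, two clicks, one credential submission, and names the person to follow up with. The summary deliberately lists who submitted rather than what they submitted; the review that follows the drill only needs the former.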
3. Spearphishing Email
Spearphishing is targeted phishing. Messages are tailored to fool specific people, usually ones high up in the organization. Tricking them can lead to unauthorized business transactions and serious financial losses. A spearphishing drill can use inside information to make its test messages convincing.
Targeting the CEO with a test email requires extra tact, but it's important to make sure the people who hold all the keys don't inadvertently give them away. Phishing and spearphishing drills have to be conducted without prior warning, so that the recipients won't be on guard.
4. Denial of Service
Some drills specifically test the skills of the IT department. Running a denial-of-service (DoS) attack is an example. The first question it addresses is how quickly the administrators notice that something unusual is happening. They might not be watching system performance closely, or the existing network defenses might be absorbing the attack. A DoS drill needs a clearly agreed window and scope, since it can cause the very outage it simulates.
A sustained DoS attack can keep users from accessing the systems or make responses unbearably slow, resulting in lost business. If the DoS attack significantly impairs performance, the question becomes how well the IT department can counter it. They should be able to adjust firewall rules or switch to a failover system to keep service at an acceptable level. Provisions may be in place to use an emergency filtering service. IT personnel should know what's available to them and how to use it before the drill, not during it.
5. Adding an Unauthorized Device
Inside attacks may come from an unauthorized, malicious computer added to the network. It could grab information from databases or try to spread malware. The red team brings in a computer with software for the purpose (but not for doing actual harm) and plugs it into the network. The IT staff should detect the abnormal activity and identify its source. Ideally, they'll locate the rogue device and unplug it. If it's well hidden, they should still be able to cut off its access to the network, for example by disabling its switch port. Comparing what is actually on the network against the asset inventory is the basic check that catches this.
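The inventory check described above, as an added example that is not part of the original article: DHCP lease lines are parsed and every MAC address that is not in the asset inventory is reported, with an extra flag when the address has the locally-administered bit set, which is what randomised or hand-picked MACs look like. The inventory, lease-file format (dnsmasq style), and lease lines are constructed for the demo; in practice the inventory comes from the CMDB or the NAC registration database.

```python
import re

# Constructed asset inventory for the demo (not from the article): MAC -> asset.
INVENTORY = {
    "3c:52:82:1a:2b:3c": "WS-0107 (finance, floor 2)",
    "3c:52:82:1a:2b:3d": "WS-0108 (finance, floor 2)",
    "00:0c:29:4e:5f:60": "SRV-db01 (virtual)",
}

# dnsmasq-style lease line: <expiry-epoch> <mac> <ip> <hostname> <client-id>
LEASE_RE = re.compile(
    r"^(\d+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def parse_leases(lines):
    """Turn lease-file lines into dicts; lines that don't parse are skipped."""
    leases = []
    for line in lines:
        m = LEASE_RE.match(line.strip().lower())
        if m:
            leases.append({"expires": int(m.group(1)), "mac": m.group(2),
                           "ip": m.group(3), "host": m.group(4)})
    return leases


def is_locally_administered(mac):
    """The U/L bit (0x02 in the first octet) is set on addresses that were not
    burned in by a vendor: randomised or hand-picked MACs, which is what a
    red team or an attacker uses to dodge a simple vendor-prefix check."""
    return int(mac.split(":")[0], 16) & 0x02 != 0


def find_rogue_devices(leases, inventory=INVENTORY):
    """Every lease whose MAC is not in the inventory, with the reasons to look."""
    rogues = []
    for lease in leases:
        if lease["mac"] in inventory:
            continue
        reasons = ["MAC not in asset inventory"]
        if is_locally_administered(lease["mac"]):
            reasons.append("locally administered MAC (randomised or spoofed)")
        rogues.append({**lease, "reasons": reasons})
    return rogues


def sample_leases():
    """Constructed lease-file lines: two known workstations, a Pi someone
    plugged in under a desk, and a device with a made-up MAC."""
    return [
        "1580727600 3c:52:82:1a:2b:3c 10.0.0.21 ws-0107 01:3c:52:82:1a:2b:3c",
        "1580727660 3c:52:82:1a:2b:3d 10.0.0.22 ws-0108 01:3c:52:82:1a:2b:3d",
        "1580727900 b8:27:eb:7a:9c:01 10.0.0.77 raspberrypi *",
        "1580728000 02:11:22:33:44:55 10.0.0.78 * *",
    ]


def audit(lines=None, inventory=INVENTORY):
    """Return (mac, ip, reasons) for each rogue; this is what gets paged out."""
    lines = sample_leases() if lines is None else lines
    return [(r["mac"], r["ip"], r["reasons"])
            for r in find_rogue_devices(parse_leases(lines), inventory)]


if __name__ == "__main__":
    for mac, ip, reasons in audit():
        print(f"ROGUE {mac} at {ip}: {'; '.join(reasons)}")
```

The demo flags the two unknown devices and leaves the inventoried workstations alone. A static IP or a device that never asks for a lease will not show up here, so the same comparison should also be run against switch MAC tables or ARP caches.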
6. External Scanning
Networks constantly get scanned. Many of the scans come from legitimate sources, such as search-engine crawlers. Others are the normal low-level probes for weaknesses that are a part of life on the Internet. A persistent, thorough scan for vulnerabilities, though, is a serious concern if it wasn't authorized. Scans that include a large number of login attempts need special attention. They can uncover weaknesses in the targeted system, break into accounts, and steal information.
The IT team should notice the traffic pattern that goes with such scans. The drill tests their awareness and the actions that they take. The appropriate response may be to log the attempt or to block it, depending on its severity.
7. Internal Scanning
Unauthorized scans from an inside source are more dangerous. A machine behind the firewall can reach internal systems that an external scan never sees and can grab information far more easily. The result could be a steady stream of confidential business data going into criminal hands.
The red team can "infect" a company computer so it will probe databases or try to break into accounts. The IT team should identify it as a malware source and take appropriate actions, such as quarantining it from the network.
External probes constantly happen, but any unauthorized internal probe is an anomaly. To get passing marks on the drill, the IT team has to find and neutralize it.
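The traffic patterns from sections 4, 6, and 7 (a flood, an external port scan with login attempts, and an internal scan), as one added detection example that is not part of the original article. Events are bucketed per source and one-minute window, each bucket is checked for rate, port fan-out, and failed logins, and the finding is rated higher when the source is inside the firewall, since any internal probe is an anomaly while external background scans usually just get logged. The log format, addresses, thresholds, and triage policy are all constructed for the demo.

```python
import ipaddress
from collections import defaultdict

# Address blocks treated as "inside the firewall". Checked explicitly rather
# than via ipaddress.is_private, which also flags the documentation ranges
# used for the external sources in the sample data below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed tuning values for the demo; real thresholds come from a baseline of
# the network's normal traffic.
THRESHOLDS = {"events_per_sec": 50, "distinct_ports": 20, "auth_failures": 10}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse(lines):
    """Constructed firewall/auth log format: <epoch> <src> <dst> <dport> <result>
    where result is ALLOW, DENY or AUTH_FAIL."""
    for line in lines:
        ts, src, dst, dport, result = line.split()
        yield {"ts": int(ts), "src": src, "dst": dst,
               "dport": int(dport), "result": result}


def detect(lines, window=60, thresholds=THRESHOLDS):
    """Bucket events per (source, time window) and raise a finding when a
    bucket looks like a flood, a port scan, or a login brute force."""
    buckets = defaultdict(lambda: {"count": 0, "ports": set(), "auth_fail": 0})
    for e in parse(lines):
        b = buckets[(e["src"], e["ts"] // window)]
        b["count"] += 1
        b["ports"].add(e["dport"])
        if e["result"] == "AUTH_FAIL":
            b["auth_fail"] += 1

    findings = []
    for (src, w), b in sorted(buckets.items()):
        kinds = []
        if b["count"] / window >= thresholds["events_per_sec"]:
            kinds.append("flood")
        if len(b["ports"]) >= thresholds["distinct_ports"]:
            kinds.append("port_scan")
        if b["auth_fail"] >= thresholds["auth_failures"]:
            kinds.append("brute_force")
        if not kinds:
            continue
        origin = "internal" if is_internal(src) else "external"
        # Assumed triage policy: anything probing from inside is an anomaly and
        # goes straight to the top; external background scans just get logged.
        if origin == "internal":
            severity = "high"
        elif "flood" in kinds or "brute_force" in kinds:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"src": src, "window_start": w * window, "origin": origin,
                         "kinds": kinds, "severity": severity})
    return findings


def sample_lines():
    """Constructed traffic, all inside one 60 s window starting 1580727600."""
    t0 = 1580727600
    lines = []
    # normal: a workstation talking to the intranet server
    lines += [f"{t0 + i} 10.0.0.21 10.0.0.5 443 ALLOW" for i in range(5)]
    # external port scan: one probe per second across 30 ports, all denied
    lines += [f"{t0 + i} 203.0.113.9 10.0.0.5 {i + 1} DENY" for i in range(30)]
    # external SSH brute force: 12 failed logins in under a minute
    lines += [f"{t0 + i} 203.0.113.50 10.0.0.5 22 AUTH_FAIL" for i in range(12)]
    # internal scan: an "infected" desktop sweeping the database server
    lines += [f"{t0 + i} 10.0.0.77 10.0.0.8 {1000 + i} DENY" for i in range(25)]
    # flood: 60 requests per second against the public web server
    lines += [f"{t0 + i // 60} 198.51.100.7 10.0.0.5 443 ALLOW" for i in range(3600)]
    return lines


if __name__ == "__main__":
    for f in detect(sample_lines()):
        print(f"{f['severity']:6} {f['origin']:8} {f['src']:14} {','.join(f['kinds'])}")
```

On the sample data the internal sweep from 10.0.0.77 comes out as high, the brute force and the flood as medium, and the slow external port scan as low, which is the "log it or block it, depending on severity" split the drill is meant to exercise. The normal workstation traffic produces no finding at all, which matters just as much: a detector that pages on everything gets switched off before the real attack arrives.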
8. Physical Intrusion
This type of attack is dead simple, but it's important to see how well people secure their computers. Members of the red team wander around the offices. If they find an unattended, unlocked computer, they deposit a harmless marker file standing in for malware, using a USB device or a download.
When the careless employee comes back, the screen displays a warning that the computer was compromised. The testers record which machines they were able to get into. A visitor doing this maliciously could take control of a computer and siphon valuable information out of it. Enforcing a short automatic screen-lock timeout removes most of these opportunities.
Cyber Security Drills Keep Everyone Sharp
It's embarrassing to be caught in a cyber security mistake, but it's better for people to blunder in a drill and learn better than to let a real security threat into their systems. The focus should be on education, not blame. Everyone is careless some of the time, but practice leads to improvement.
Drills help management to identify the slowest learners. They can get remedial training, or they can be assigned tasks where security is less critical. With regular practice, thinking about cyber security becomes part of a company's culture. Employees will make fewer mistakes, and operations will proceed with fewer disruptions.
Drills are just one aspect of a complete business security program. Firewalls, protective software, and monitoring decrease the chance that anything will go wrong, through human error or otherwise. Exercises reduce the chance that a mistake will let threats get past the security measures. Together they make the operating environment safer.
Get a Cyber Security Assessment
A great first step in determining if you have gaps in your security is to get a cyber security and risk assessment. Get details here or call us at 800-481-4369.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.