The aim of this support resource is to ensure:
- Executives and Managers have an awareness of how to use Immersive Crisis Simulations to build Cyber Operational Resilience, and
- Executives and Managers can use Immersive Crisis Simulations to improve security teams' incident & crisis management capability
The importance and benefits of running Crisis Simulations and Exercises
Importance of Crisis Exercising
Cyber threats are ever-present and constantly evolving, forcing organizations to better prepare for the unexpected. One effective way to prepare is through crisis simulations and exercising, which simulate real-world cyber attacks as well as other crisis situations and test an organization's response capabilities under pressure.
From technical teams to executive decision-makers, crisis simulations exercise teams together to build trust and confidence in their knowledge, skills, and judgment in responding to actual incidents - removing the isolation gap between technical and management teams.
Benefits of crisis exercising
- Improved communication - Facilitates better communication and collaboration across different departments, leading to a shared understanding of goals, priorities, and challenges
- Greater efficiency - Promotes a common approach to problem-solving, testing, and decision-making – resulting in more efficient use of resources and streamlined processes
- Enhanced leadership skills - Develops and builds upon leadership skills at all levels of the organization, enabling employees to take ownership of their work and lead their teams more effectively
- Increased accountability - Creates a sense of shared responsibility for organizational outcomes, promoting a culture of accountability and continuous improvement
- Better alignment - Ensures that organizational goals and strategies are aligned across different levels, so that everyone is working towards the same objectives
The Key Principles you should follow when developing your crisis simulations and exercising program
Key principles in crisis response
Apply these to all your crisis simulations and exercises:
- Move the organization from mayhem to management as fast as possible
- Move fast! Social media is instant
- Have a clear line of command for who “signs off” any communications release
- Monitor what else is going on and what is being said - what you don’t know is as important as what you do know.
- “Feed the beast”. Release news little and often to the media/stakeholders
- Be human - apologize if you need to.
How to use Immersive Crisis Simulations to maximize your preparation and improve your crisis management capability
Responding to a cyber incident depends on diverse teams with different skills and perspectives coming together as one. Make sure your crisis simulations and exercises involve technical and non-technical teams as well as various business functions.
Exercising cadence and modality - Run exercises to build capabilities, muscle memory, and confidence. Make sure you have a regular cadence of crisis simulations and exercises - frequency can differ between organizations.
Scale up and benchmark performance - Consider creating a ‘template’ exercise aligned to key organizational or functional areas of focus or concerns.
The overall scenario remains the same but can be quickly adapted to each specific location or line of business and run in different formats (single player, drill or presentation mode).
Let the data do the talking
- Run exercises to evidence decision paths taken by different functions and teams across the organization.
- Compare results (including confidence levels) by role/level, locations, and/or business lines for a snapshot of organizational cyber resilience capability
- Use that data as part of your Executive exercise to demonstrate the benefits of your program.
- Build confidence across the executives and showcase areas of focus for your program
Simulation and Exercise Delivery Options - Make sure you utilize all play modes to achieve your goals and outcomes depending upon realism and simulated events.
Exercising Best Practices
- Define your Goals - Set goals and aims for the exercise.
- Identify Audience & Participants - Identify participant teams and key decision-makers who should be part of the exercise.
- Select your Scenario or Template - Determine if you want a realistic or fictional scenario and identify the attack vector or threat actor.
- Customize Scenario (if applicable) - Align number of injects with the estimated time you’ll schedule for the exercise.
- Identify Exercise or facilitation mode - There are several ways you can run an exercise; select the style that meets your goals.
- Complete Test Run of Exercise - Practice facilitating the scenario before your actual session.
- Schedule Exercise - Determine duration of the event - leverage the test-run to ensure you optimize the exercise time
- Send Advance Communications - Send calendar invites and reinforce why users need to be part of the exercise.
- Exercise Preparation and Logistics - From technical setups to briefing documents, ensure all logistical aspects are planned.
- Run Exercise - Ensure the facilitators are clear on the flow of the injects and intended goal.
- Debrief - Wrap up the exercise with a conclusion and debrief summary. If you wish you can conduct a facilitated debrief at a later date.
- Results Analysis - Review results and analyze trends from users' decision and confidence scores.
- Debrief - Hold a Post-Exercise debrief
10 Tips for running crisis exercises
- Understand the objectives and scope
- Plan your timings and stick to them
- Have backup injects and questions prepared
- Tailor the scenario and injects to specific roles
- Tailor how you deliver information
- Utilize breakout rooms
- Use anecdotes and get people to share their experiences
- Try not having everyone come to the room / the call before starting the exercise
- Let them make mistakes
- Be prepared to be challenged