Check out this link if you are wondering where the blog title came from 🙂
At the recent RightsCon 2015 I had the opportunity to work with a few friends from Access to do a Cyber Incident role play.
If you are not familiar with cyber security exercises or drills, the role play allows the participants to experience a cyber security incident and react to the incident as it unfolds.
In the session at RightsCon2015, participants were employees of a non-profit organization that being hit by a data breach incident. Sensitive information had been published on the Internet and the hacking group carrying out the attack were asking for money or they will expose more. Moments later, the attacker published a video, a couple of Tweets about the attack progress, and a DDoS attack against the organization’s web server.
Sounds familiar, right?
Session participants were divided into four groups: legal, communications, management and information technology. Since they all work for the same company, they need to work together in dealing with the attack, which not easy, of course, if you only have bits and pieces of what is happening, and do not have written policies or procedures to refer to.
In terms of preparation, the four of us got together around middle February to come up with the story, time-line and props (like emails, video, etc). All of this was done online in four different time zones! I think all of us were quite happy with the end results and already thinking about how we could tweak this should we do it again the the future.
Going back to the cyber incident role play session, at the end we shared with the participants ‘the big picture’ of the attack ,i.e. how this whole incident could have happened. Additionally, we also spoke about the various issues that you have to think about in dealing with an incident – i.e. not just technical! We also highlighted the need to have an incident response plan before you experience an incident, and the need to understand the data that you own and how to protect them.
If you are interested to do similar exercise in your organization and would like to have access to the materials we used for the session, feel free to drop me an email!
Read more about APNIC activities at RightsCon2015.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.