Deloitte's Cyber Risk Services practice has rolled out cyber war-gaming and simulation services to help businesses cope with cyber-attacks. The new services are part of a broader portfolio of resilient services that help organisations minimise the impact of cyber incidents.
"Business leaders are coming to accept that even with the best security defenses in place, cyber incidents will occur," explains Ed Powers, National Managing Principal of Deloitte's Cyber Risk Services. "Although a well-constructed incident response manual is necessary, this alone does not create the reflexive judgment capability that organisations may need if a security incident becomes a true business crisis. War-gaming trains diverse teams of responders to act rapidly to reduce the business disruption and costs often associated with cyber incidents, as well as to minimise brand and reputation damage."
Deloitte's cyber threat war-gaming approach draws on the strengths of its broader Risk Advisory capabilities, relies on leading thinking from the military and academia, and incorporates lessons learned from war-game simulations conducted for multi-national companies, government entities, regulatory bodies and industry groups. Deloitte served as objective observer and co-authored the "After Action" report for Quantum Dawn 2, a simulated systemic cyberattack on the US financial system sponsored in June 2013 by the Securities Industry and Financial Markets Association.
Many organisations conduct technical rehearsals of their incident response plans, but Deloitte's cyber threat war-gaming services involve CEOs, CFOs, risk officers, talent (human relations) officers, legal counsel, and corporate communications teams, as well as technical responders.
"When a cyber attack threatens critical operations, business leaders may need to make quick decisions to off-line core systems or applications," said Mary Galligan, a Director in Deloitte's Cyber Risk Services, and the former the FBI Special Agent in Charge of Cyber and Special Operations for the FBI's New York office."Executives may need to guide communications with media, customers, investors and regulators. Collaboration with law enforcement and industry peers may also be essential in limiting the exposure of critical infrastructure."
Deloitte's approach raises understanding and awareness of cyber threats among this wide range of responders, many of whom have typically had little exposure to IT security functions. Through simulated scenarios, they gain a greater sense of ownership of their role in cyber defense and help establish a broad culture of cyber resilience.
"Resilience doesn't start when an incident occurs. Preparedness for cyber attacks is a multi-layered challenge," notes Emily Mossburg, Principal in charge of resilient services for Deloitte, "It includes the design of infrastructure and applications, the building of necessary support relationships, and a broad, ongoing programme to build a cyber-aware culture throughout the organisation."
Deloitte's cyber threat war-gaming services leverage a wide range of pre-packaged exercises and an inventory of threat scenarios and action components that can be customised to each organisation's risk profile, drawing on Deloitte's extensive experience across a wide range of industry sectors.