Blue / Red Team Review

So you’ve plotted a path through all of the cyber security advice you have been given and have convinced yourself that you are within your organisation’s risk tolerance for cyber risk.

What now?

A Live Performance is always made better by Dress Rehearsal

We advise the following:

  1. PLAN: Always assume that you will be attacked or subverted. Bring your senior stakeholders together and collectively develop a number of misuse cases: realistic scenarios of how an attack or incident may unfold. Depending on your business, the scenarios may cover electronic attack, subversion of legitimate users (insider threat), a GDPR / DPA breach (including the notification obligations), subversion of a key supplier, an environmental incident, or other events.
  2. DO: Execute the misuse case as realistically as possible in a benign environment, i.e. one where the exercise cannot harm production systems or live data. Make every effort to use your own staff in the exercise, with separate, independent observers recording what happens: no one knows your business better than you. Respond to the misuse case using your existing, documented processes.
  3. CHECK: Measure how the misuse case was handled, identify areas for improvement and gain agreement from your stakeholders on which to act; the aim is to maintain efficacy while getting the maximum effect for the spend.
  4. ACT: Implement the agreed improvements.

Nuggets:

  • Consider all four security domains (Physical, Personnel, Process and Technical) when planning the response and the improvements.
  • Be clear about your own approach to risk management (risk appetite and mitigation approach), so that findings are judged against it.
  • Include all of your key business processes and your supply chain, whether insourced or outsourced, in the scrutiny.
  • Repeat the exercise regularly so that it becomes second nature; fidelity increases each time it is run. The misuse cases should evolve and change with each iteration rather than being replayed verbatim.
  • Ownership of this iterative approach should remain vested in your company and have the full support of the board. Use external consultants wisely: skills and knowledge transfer is key.

The cyber threat is agile and fast moving.

Train Hard, Fight Easy.