Testing cyber security readiness
The consequences of a cyber security attack on an organisation can be severe and multifaceted, with financial, operational, reputational, and legal impacts. Many organisations are especially concerned about the reputational impact of negative publicity and the erosion of public trust if a breach exposes personal or financial information. Yet until they have experienced an incident directly, organisations commonly underestimate its operational impact, which includes loss of productivity through employee downtime and reallocation of resources, disruption of critical services and data unavailability, and increased operational costs due to temporary work-arounds and incident response efforts.
For all of these reasons, time is critical when responding to a cyber security incident.
Runbooks and Processes for Incident Response
An organisation should identify the key cyber security risks it faces and develop detailed, procedural documents that outline step-by-step actions for responding to specific types of cyber incidents.
Processes are overarching workflows or frameworks that guide how organisations handle cyber security incidents from detection to resolution. They ensure that response activities align with best practices, policies, and compliance requirements. Detailed incident response processes should include:
- Preparation: implementing and testing incident response plans, developing runbooks, and ensuring employees are trained.
- Identification: monitoring and analysing the organisational environment to detect and verify potential security incidents.
- Containment: taking steps to limit the blast radius and prevent further compromise.
- Eradication: removing the threat actor from the environment and addressing the root cause of the incident.
- Recovery: restoring systems to normal operations.
Runbooks serve as practical guides for incident responders, helping to ensure a systematic and efficient approach to addressing threats.
Runbooks should be:
- Scenario-Specific: Focused on predefined incident types (e.g., phishing, ransomware, DDoS).
- Action-Oriented: Break down actions into discrete, executable steps.
- Role-Defined: Assign specific tasks to appropriate team members or roles.
- Dynamic: Regularly updated to reflect changes in threats, tools, and organisational procedures.
Having processes and runbooks in place will help minimise response time, ensure a consistent response (which reduces errors and oversights), and improve coordination amongst the organisation’s security, IT, legal and executive teams.
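The four runbook properties above can be checked automatically when runbooks are kept as structured data. The following is an added example, not CyBiz or Sygnia material; the scenario list, action verbs, role names and the 180-day review window are all assumptions chosen for illustration.

```python
from datetime import date

# Assumption: incident types this organisation keeps runbooks for.
KNOWN_SCENARIOS = {"phishing", "ransomware", "ddos"}
# Assumption: "regularly updated" is interpreted here as reviewed within 180 days.
MAX_REVIEW_AGE_DAYS = 180
# Assumption: leading verbs that mark a step as a discrete, executable action.
ACTION_VERBS = {"isolate", "disable", "block", "reset", "notify",
                "collect", "restore", "revoke"}

def lint_runbook(runbook, roster, today):
    """Return a list of findings; an empty list means the runbook passes."""
    findings = []
    # Scenario-specific: must target a predefined incident type.
    if runbook.get("scenario") not in KNOWN_SCENARIOS:
        findings.append("scenario: not a predefined incident type")
    steps = runbook.get("steps", [])
    if not steps:
        findings.append("steps: runbook has no steps")
    for n, step in enumerate(steps, 1):
        # Action-oriented: each step starts with an executable verb.
        words = step.get("action", "").split()
        if not words or words[0].lower() not in ACTION_VERBS:
            findings.append(f"step {n}: does not start with an action verb")
        # Role-defined: each step has an owner that exists on the roster.
        owner = step.get("owner")
        if not owner:
            findings.append(f"step {n}: no owner role assigned")
        elif owner not in roster:
            findings.append(f"step {n}: owner '{owner}' not in roster")
    # Dynamic: the runbook must have been reviewed recently.
    reviewed = runbook.get("last_reviewed")
    if reviewed is None or (today - reviewed).days > MAX_REVIEW_AGE_DAYS:
        findings.append("last_reviewed: review is missing or overdue")
    return findings

# Constructed sample data (hypothetical roles and steps).
SAMPLE_ROSTER = {"soc-analyst", "it-ops", "legal", "comms"}
SAMPLE_RUNBOOK = {
    "scenario": "ransomware",
    "last_reviewed": date(2024, 1, 15),
    "steps": [
        {"action": "Isolate affected hosts from the network", "owner": "it-ops"},
        {"action": "Consider whether backups are usable", "owner": "it-ops"},
        {"action": "Notify the privacy officer", "owner": "privacy"},
        {"action": "Collect volatile memory from the first affected host"},
    ],
}

if __name__ == "__main__":
    for finding in lint_runbook(SAMPLE_RUNBOOK, SAMPLE_ROSTER, date(2024, 9, 1)):
        print(finding)
```

Running a check like this whenever a runbook changes catches unowned steps and stale documents before a tabletop exercise or a real incident does.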
Wargames – Tabletop exercises and simulations
However, it isn’t enough to just prepare and document processes and runbooks. To be effective, they need to be validated and practiced through tabletop exercises and simulations.
Tabletop exercises are an essential tool for improving cyber security readiness. They simulate real-world cyber incidents in a controlled environment, enabling organisations to test their response plans, identify gaps, and enhance preparedness. Cyber security training is never just about ticking a compliance box – it’s about safeguarding your organisation’s most valuable assets. Tabletop exercises in particular can significantly enhance the efficiency of an organisation’s response to a cyber security incident, minimising the impact (the blast radius) and helping an organisation return faster to ongoing operations and then to business-as-usual status.
Cyber security exercises which build and test cyber preparedness are mandatory for some critical infrastructure assets which have been declared a System of National Significance. These exercises reveal whether the existing resources, processes and capabilities of an organisation sufficiently safeguard its systems and operations from cyber security incidents.
CyBiz has worked with its partner Sygnia to deliver Cyber Crisis Tabletop Exercises for critical infrastructure companies and other enterprises in Australia and New Zealand. These exercises are designed to strengthen the cyber security awareness and ability of corporate leadership to guide an organisation through a major cyber crisis. They enable leadership to understand the typical flow of an incident and the roles and responsibilities in a crisis, and to stress test key processes while tackling complex challenges. Sygnia leverages extensive front-line experience responding to major, heavy-weight cyber-attacks to create realistic multi-dimensional attack scenarios that generate pragmatic takeaways for its clients. Unlike many tabletop exercises, which can be generic, Sygnia and CyBiz scenarios are tailored to mirror the customer’s infrastructure and replicate actual attacks which have taken place against similar organisations across the globe.
Cyber Security Escape Room
What if your organisation hasn’t yet developed processes and runbooks to support response to a cyber security incident? Threat actors don’t wait for organisations to get ready before launching cyber-attacks. Even if your organisation doesn’t have documented processes, there is a lot to be gained from simulating real-world cyber incidents in a controlled environment to enhance team collaboration, identify gaps and strengthen communication.
CyBiz’s Cyber Security Escape Room is a dynamic team building experience that uses the medium of cyber security attack and defence as the basis for learning or role play. Whilst navigating a cyber security scenario, your team will utilise role play enhanced by props, conduct and respond to “media interviews” and “breaking news” items, negotiate within the team to agree on the best way to respond to the developing scenario, and react under time pressure, negotiating with and responding to the attackers’ next move.
This is a fun activity for an executive cross-functional leadership team or for an individual team within a department – and no cyber security technical or other knowledge is required. These can be run in your offices or at any location in Australia and New Zealand.
As well as sending an important message to the leadership team and others that the organisation wants to promote a security culture, your team will return to the office feeling energised and can build on the experience of the Cyber Security Escape Room to think strategically, adapt quickly to evolving circumstances and work collaboratively with their peers.
Reach out to CyBiz now to learn more about our tabletop exercises and escape room activities, or for support in preparing processes and runbooks.