Theory and simulation are all well and good…but how close to reality are such simulations?
RGL recently hosted a War Game simulation as part of Advisen’s Cyber Risks Insight Conference in New York. The War Game scenario was designed to rehearse the response and outcomes of a cyber breach for an Internet Service Provider. The lessons learned were interesting to say the least, and as it turns out, our theoretical scenario became a reality the following week when a real cyber breach resulted in a UK health care service cancelling planned surgeries and operations as a consequence of the cyber attack.
In brief, our War Game scenario involved a cyber breach discovered by the FBI and brought to the attention of the C-Suite at an ISP. The threat escalated to a ransom demand and ultimately resulted in various levels of service interruption for the company’s customers. In true Dungeons & Dragons style, developments were decided by a role of the dice, problems introduced and our experts tasked with responding.
As media picked up on the saga, the company’s troubles led to major customer cancellations…including healthcare providers, who (in our scenario) had to postpone and cancel medical and surgical procedures.
The overall impact in our simulation was large financial exposure, reputational harm and major public relations problems.
But it would never happen, right? Wrong.
On November 3, a story in the UK broke in which Russia was accused of being behind a major cyber breach resulting in a National Health Service (NHS) decision to cancel operations for three days at three NHS hospitals, with other hospitals being put on high alert.
The lessons learned from the simulation included identifying the potential financial exposure of not being ready to respond. Our team did a great job, “on the fly”, but it was evident that a well-planned AND well-rehearsed response would have dramatically helped them, especially in respect of responding appropriately and quickly…ultimately reducing the risk of loss.
Whether it’s a case of truth being stranger than fiction or life imitating art, the reality is that these breaches are happening with increasing regularity. They are causing financial loss and a host of other issues to the breach victim and will continue to be a risk to your company. As the saying goes – better to be prepared.