Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Steve Durbin
Steve Durbin
Connect Directly
E-Mail vvv

10 Benefits of Running Cybersecurity Exercises

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.

Keeping information secure is a difficult task, even if you have bountiful resources. With companies like Nintendo, Twitter, Marriott, and Zoom all suffering high-profile data breaches recently, it's clear that no one is safe from cybercriminals. While most organizations understand the need to build defenses and develop policies to reduce the risk and potential impact of a successful cyber attack, many fail to rigorously test those defenses.

Cybersecurity exercises are useful simulations of specific cyber attack scenarios that enable organizations to gain valuable insights into their real-world response. From basic, small-scale, brief tests to complex, wide-scale, sustained attacks, cybersecurity exercises can provide verification that your defensive strategy is effective or highlight weaknesses that require immediate attention.

Related Content:

How Elite Protectors Operationalize Security Protection

Building an Effective Cybersecurity Incident Response Team

9 Disaster Recovery Planning Tips for a Disaster-Prone Time

Despite their importance, 74% of respondents to the ISF Benchmark stated that they do not subject critical systems under development to cyber attack simulations or exercises. This may be because cybersecurity exercises are perceived as time-consuming, expensive to run, and potentially disruptive. If planned properly, there's no reason that should be the case. Cybersecurity exercises can deliver some truly compelling benefits. Consider these 10 examples of how. 

Identify Your Strengths
There's a lot of focus on uncovering weaknesses and problems during cybersecurity exercises, but there's also major value in identifying what's working well for your organization. Robust strategies can be emulated elsewhere, smart policies can serve as templates, and effective employees can help to train others.

Improve Your Response
Perhaps the most obvious benefit of running a cybersecurity exercise is that it gives you an opportunity to improve your response to future attacks. An exercise may back up the theory behind your defensive strategy with evidence, or it might point to the need for a fresh approach. Either way, it will drive you to improve.

Train People
There's no substitute for hands-on experience. Cybersecurity exercises provide employees with practical experience of dealing with an attack, they boost awareness of the possibilities, and they can teach people all about the right way to respond. Learning is always more effective with a practical component.

Define Costs and Timescales
In preparing for attacks, many assumptions and estimates are made about what resources are required to handle different scenarios and how long it will take to resume normal operations after an attack. Cybersecurity exercises paint a clearer picture of the costs and timescales involved, giving you hard data to help you build greater resilience, or use for any financial justification that might be required.

Determine External Needs
It's unrealistic, even for many major organizations, to maintain a team capable of handling any attack scenario without external assistance. Which attack scenarios require external help? How quickly can external expertise be secured? How much will it cost? Running security exercises can help to answer these questions. 

Collect Metrics
Setting expectations for how swiftly different aspects of an attack should be handled and how effective defensive actions should be is vital in defining your strategy. But you can only prove that they are being met when an attack occurs, or by employing a security exercises. This data should inform future strategy and guide your approach.

Identify Your Weaknesses
Whether there are technical vulnerabilities lurking on your network or weaknesses in security controls, cybersecurity exercises can expose them. They may also reveal the need for better training or new talent. Identifying specific weaknesses enables you to craft remediation plans and act immediately to improve.

Update Your Policies
If your current policies, standards, and guidelines aren't effective then it's time to revisit them. Effective incident response policies will drastically reduce the potential damage and disruption a cyber-attack can wreak. Regular policy revision is important and security exercises can provide useful evidence to guide that revision.

Find Non-Compliance Risks
The potential cost of breaching legal, regulatory, or contractual requirements is enormous, even if that breach is unwitting. Exposing compliance issues can prove difficult, but that does not mean they don't exist. Cybersecurity exercises can help to uncover areas of non-compliance, giving you an opportunity to fix them and avoid unnecessary legal – and financial –exposure. 

Increase Threat Awareness
From entry-level employees to the board of directors, lack of awareness about the nature of cyber-attacks and the scale of the threats they pose can be catastrophic. Failure to recognize the risk and react accordingly always exacerbates the problem, making a bad situation much worse.

Practice makes perfect. It's common sense to accept that rehearsals serve an important function in readying people for the actual event. Cyber attacks are inevitable, but it's how you respond that will dictate the impact on your business. Not only do cybersecurity exercises help to build awareness and understanding across your organization, they test your defenses, identify strengths to build on and weaknesses to mitigate, and offer invaluable practical experience.


Steve Durbin is CEO of the Information Security Forum, an independent, not-for-profit dedicated to investigating, clarifying and resolving key issues in information security and risk management. He is a frequent speaker on the Board's role in cybersecurity and ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.