DEFENSESTORM BLOG

You Play Like You Practice: Cyber Incident Response

Wednesday, July 12th, 2023


In sports or any type of consistent competitive event, the importance of purposeful and diligent practice can’t be overstated. Ask professional athletes or competitors, and you will likely get a consensus on the importance of practice to achieve consistency and maintain a high level of performance. Military, law enforcement, and first responders train constantly to be prepared for anything that they may face during their careers, so when those particular situations arise, they are confident, efficient, and knowledgeable about how to deal with and resolve the incident.

Cyber incident response is no different. With rapid innovation in technology, threat actors are poised to attack, and financial institutions are a prime target. In a type of perpetual digital battle, malicious cybercriminals aim to attack without concern about the impact on you, your family, your employees, and your customers, so preparation and practice are key components to success in thwarting these attempts.

When a breach or major cyber event happens, it’s devastating to an organization on multiple levels. In some cases, it can be the end of a company or business. Given the severity of cyber attacks, how often do we train to handle those events? How many hours a week, month, or year are being spent on making sure that when the time to jump into action is here, the response is efficient, calculated, and competent? If we evaluate ourselves and our response, is the skillset efficient? Once a year is just not enough. That yearly scenario you walked through may not even be applicable to the Advanced Persistent Threats (APTs) that are causing the most damage throughout the year, not to mention the 100+ other scenarios your FI may encounter. Reevaluation, at a minimum, should be four times a year, but every other month is even better!

In 2021, VMware stated that roughly 50% of organizations are deficient in the tools, personnel, and experience necessary to identify or address cyber threats. Practicing and regularly testing your incident response plan will help identify gaps and deficiencies in your plan and address those before an incident occurs.  It will help make sure roles are filled, responsibilities are kept up to date with turnover and staff changes, and mitigation efforts are kept current, along with practicing for the most recent and common attack scenarios.  Regular practice and testing of your cyber risk management plan will make sure that responders are calm, prepared, and efficient during an incident.  These are just a few of the benefits of regular practice and testing!

The recurring theme in a vast majority of the sessions at a recent security conference was preparedness for cyber incidents. Nearly every session touched on this in some form or fashion. It was an excellent reminder of why regular training and practice are paramount to cyber resilience. Just as athletes couldn’t practice once a year and maintain their abilities, your cybersecurity team must regularly prepare and hone their response skills. If you train poorly and infrequently, when the time comes, that’s likely how the response will be. You will play like you practice!

James Bruhl

Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures, specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.