Resources & insights

Strengthen your organisation’s defences through simulations and incident response readiness

In today’s ever-evolving threat landscape, organisations must prioritise their cyber security preparedness to effectively combat the rising threat of cyber-attacks. AI has supercharged the results malicious actors can achieve, enabling them to send more enticing phishing messages in greater numbers.  

It’s becoming an arms race of threat actors against team members. Malicious actors know there’s big money to be made, especially if they can access your email account to send phishing messages to your contacts (known as “business email compromise”). Multi-factor authentication (MFA) can help, but it’s no silver bullet. 

While traditional training methods have their merits, a more immersive and engaging approach is required to truly instil a culture of cyber security awareness across the business. Here, we will delve into the importance of incident response plans, scenario-based tabletops, and simulated events, shedding light on how they can empower organisations to proactively bolster their preparedness against the cyber security challenges we all face today.  

Preparing your people 

A crucial aspect of cyber security readiness is raising awareness among your people. After all, they are your first line of defence, considering that 90% of all attacks start with email-based phishing as the initial entry vector.  

Show your people the importance of keeping security front of mind. Ongoing training is best, as one-off sessions quickly fade from memory. New team members are often extra-susceptible to social engineering and phishing attacks, so when new people join your organisation, make sure cyber training is part of their induction.  

One of the best ways we can build our ‘human firewall’ is through realistic phishing attack simulation, which involves the controlled delivery of mock phishing emails to employees, with the aim of testing their ability to identify and report such attacks.  

Regularly exposing our people to the same level of social engineering that an attacker would target them with, serves multiple purposes.  

Firstly, it raises your employees’ awareness of the latest techniques attackers use to exploit our weaknesses as humans, such as emotive emails designed to trick us into revealing sensitive information or playing on a sense of urgency to download and run a malicious attachment. By experiencing these simulated attacks in a controlled environment, employees can enhance their ability to identify these red flags and respond appropriately to genuine phishing attempts.  

Secondly, data from simulated phishing campaigns allow an organisation to better measure their employees’ susceptibility to these attacks and, in turn, identify areas of the business where more focused training and awareness campaigns may be needed. Furthermore, tracking this data over time will reveal insights into how well your security awareness program is performing, allowing you to track this as a Key Risk Indicator. 

Appropriate training and exposure to phishing simulation will help your team take a moment to think before a risky click. We like to think of this as “healthy scepticism” of suspicious emails, links, and attachments. It’s important to stress to your people that phishing simulation is not about catching them out or leaving them feeling bad or uncomfortable. Instead, the focus should be on making each simulation an educational event, to prompt discussion, build team spirit, and help better arm them with the right questions next time they face a potentially malicious email.  

It’s unrealistic to believe that no one will ever click on a suspicious link. It’s going to happen. Instead, you want to empower your people to report any incidents quickly to give you the best chance of containing any fallout. If they click on a link and then think, “Oh, maybe that click wasn’t smart. That could’ve been a phishing email.” You need to encourage them to come forward. 

Preparing your processes 

Having addressed the importance of preparing your people for one of the most common attacks, let’s focus on building a solid foundation for your organisation’s incident response. 

Firstly, look at the business processes you have in place in your organisation. Attackers use social engineering to do things like invoice fraud, payroll fraud and impersonation. Having robust business processes can block these attacks, even if the attackers have bypassed all your technical controls. For example, do you keep your employees’ bank details up-to-date when paying salaries? When you’re absolutely sure of their genuine bank details, you know to be suspicious if you suddenly receive an email asking you to pay their salary somewhere different.  

The speed and accuracy of the response to an incident can sometimes be the difference between a minor alert that is resolved quickly, versus a full-on major data breach. The incident response plan is a vital component of your preparedness strategy, providing a structured procedure for responding to cyber security incidents, and ensuring a coordinated and effective response. 

A well-crafted incident response plan includes clear roles and responsibilities, communication protocols, escalation procedures, and specific actions for different incident types. It must also be developed in collaboration with other core areas of the business to ensure it captures organisational assets, working practices, and regulatory requirements from the perspective of other business units. Regular reviews and updates ensure the plan remains aligned with evolving threats and organisational changes. 

The first time you put your incident response plan into action should not be during a real live incident. Relying solely on theory and assumptions is not enough to ensure the plan’s effectiveness. It is important to thoroughly test and validate your plan to identify any shortcomings or areas for improvement before an actual event occurs. 

Tabletop exercises to test your plans

Tabletop exercises provide a valuable opportunity to simulate a cyber security incident in a controlled manner. These exercises gather key stakeholders and decision-makers from around the business to walk through hypothetical scenarios and evaluate how you would respond. By conducting tabletop exercises, you can assess the effectiveness of your incident response plan, identify weaknesses, and refine your procedures and coordination among different teams. 

It’s best practice to engage with an external facilitator for tabletop exercises. Someone from outside your organisation will bring a different perspective and can draw on different experiences. A good tabletop exercise will always have an element of the unexpected – and if you only go with what you know, you’ll only run a session that aligns with the exposure, risks and controls you already have. 

Find out more from Doherty Associates 

With such a large proportion of cyber threats arriving via phishing and limits to what can be filtered using technical tools, it’s vital that team members are prepared to act as the “human firewall” and know the warning signs that could indicate a threat.  Training and simulations can help build a “healthy scepticism”, helping avoid risky errant clicks – or at least reporting them promptly to enable a timely response. 

Experiencing a cyber-attack can be a highly stressful and disorientating event that can lead to bad decision-making that hinders effective response efforts. Having a clearly documented incident response plan in place, along with regular training and simulation exercises, helps build familiarity and confidence that your people are equipped to make informed decisions even in high-pressure situations.  

At Doherty Associates, we’re experts at getting organisations like yours cyber security ready. We’ll help you create a security awareness program that keeps your business secure, build an incident response plan to minimise the impact of any threat, and so much more. In the never-ending arms race between malicious actors and their targets, you’re better positioned to stay one step ahead with our expertise behind you. 

To find out more, visit our Services page today.  

Back to resources & insights