Playbooks and tools are only as good as the people using them, and a lack of trust and cooperation can derail even the most carefully crafted cyber response.
Both technical teams and non-cyber business leaders must have the right skills and experiences to successfully deal with inevitable cyber incidents in an evolving threat landscape.
The Immersive Labs annual Cyber Workforce Benchmark Report found that while cyber resilience is rising globally, organizations typically are not preparing their workforces enough for after-incident response.
Speaking to Infosecurity, Dan Potter, Senior Director of Operational Resilience at Immersive Labs, explained there are two key challenges organizations face in terms of cyber resilience.
“One is technical skills; you've got to use tools which are very expensive and necessary. Can they use them effectively to quickly identify and detect threats?” he said.
Immersive Labs’ Team Sim solution allows employees to use real tools to practice how to effectively respond to an incident.
“The next big thing is how do you give the business leaders the confidence that you’ve got the right people with the right skills that are up to date with the latest threats. One way of doing that is to prove that they can complete the technical tasks where we can measure that and give them upskilling,” Potter noted.
Potter highlighted that non-cyber business leaders need to be familiar with how a cyber-incident might unfold and be able to appropriately challenge their technical teams on the decisions that will be made.
Responding to an incident effectively requires a diverse pool of perspectives. Relying on a small number of opinions could result in a team responding to previous incidents that may be familiar and not recognizing new tactics deployed by attackers.
The Benchmark Report highlighted that junior staff tend to challenge themselves with more difficult exercises and are more likely to stay current with new threats compared to more experienced cyber professionals.
The company noted that to effectively prepare for cyber threats, individuals at all stages of their career need to be prepared for the latest threats.
How to Keep Teams Informed on the Latest Threats
The threat landscape is evolving and Potter noted that teams must be on top of the latest threats and ready to respond.
Mark Manglicmot, SVP Security Services for Arctic Wolf, spoke to Infosecurity about how his team of over 900 security analysts globally uses Immersive Labs’ solutions to ensure they are up to date with the latest attack trends.
As a company specializing in incident response, Manglicmot noted that teams must be trained on new attack techniques in near real time.
“Immersive Labs does a great job of producing content very quickly after new threats are identified that I can push out to my team so that they're trained on those areas,” he said.
As well as ensuring teams are knowledgeable about the latest tactics, techniques and procedures of both new and existing threat groups, he noted that cybersecurity protections have become very broad.
“As you look across a company's network, you have endpoint, you have firewalls, you have Cloud, you have all these different areas that you have to learn about and nobody's an expert at all of it,” he said.
Continuous learning is a key element of resilience and preparedness for incident responders.
Arctic Wolf also uses training and simulations as an incentive for career development, allowing new joiners access once certain requirements have been completed and giving those looking to enhance their skills opportunities to do so and progress within the business.
He noted that the trainings were not something that Arctic Wolf has made mandatory for teams to do.
“That has allowed us to highlight those that are really investing the most in themselves for career development,” he said.
On a company-wide level, Arctic Wolf uses Immersive Labs’ Sim functionality to have teams compete during capture the flag events. Manglicmot said that gamification has been a real success in this area.