By Patrick Gray
IT leaders are great at testing. After all, they test systems and policies all the time. However, real-world emergency scenarios and the human element of cybersecurity are too often overlooked. Recognize the gravity of emergency situations, and train your department accordingly.
Patrick Gray writes, “Most IT organizations would consider themselves competent in testing. They have decades of experience, a well-defined methodology, and modern testing tools. However, few test the chain of command and organizational ability to respond to challenging incidents.
“Recently the United States government performed a simulation of a large-scale cyberattack on U.S. infrastructure. As one would expect with this type of attack, primary targets included civilian infrastructure like the electrical grid and financial institutions, in addition to military targets. One of the surprising findings was that the military does not have a clear organizational way of responding to attacks on domestic targets. In a real incident, valuable time would be lost as military and domestic entities attempted to coordinate responsibilities and responses, ultimately giving the attackers more time to inflict damage.
“Presumably, the U.S. has the latest technology and training for responding to large-scale cyberattacks, yet in this case organizational problems prevented a coordinated response. Whether you are leading a complex military organization or a small IT team, the human element is key in responding to crises, even crises far less dramatic and threatening than a multi-front cyberwar.”
Read on for specific cybersecurity and other emergency situations your IT department must be training for.