We Value Your Privacy

We use technology such as cookies on our website, and through our partners, to personalize content and ads, provide social media features, and analyse our traffic. To find out more, read our privacy policy and Cookie Policy. Please also see our Terms and Conditions of Use. By accepting these terms you agree to your information being processed by Inbox Insight, its Partners or future partners, that you are over 18, and may receive relevant communications through this website, phone, email and digital marketing. For more information on how we process your data, or to opt out, please read our privacy policy. Our policies and partners are subject to change so please check back regularly to stay up to date with our terms of use and processing.

Accept Terms Settings

What Do Simulated Cyberattacks Tell You About Security?

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Wednesday, April 12, 2017

Does simulating cyberattacks actually help your company's security, or is it a waste of time and resources? We assess the evidence here.

Article 2 Minutes
cyberattacks
  • Home
  • IT
  • Security
  • What Do Simulated Cyberattacks Tell You About Security?

In March 2015, the UK Government Communications Headquarters (GCHQ) held the largest cyberattack simulation in British history. Over the course of two days, 42 cybersecurity experts dealt with a staged terrorist attack featuring a group of hackers taking control of the guns on a battleship and pointing them at London City Hall.

So what was the point of all this?

GCHQ spent their time and money on the exercise in order to find new talent to recruit. However, this is not realistic for most organizations - it's an expensive way to find new employees - so is there a point in simulating cyberattacks at all?

Leading voices in the cybersecurity sector certainly think so. In fact, major simulations are becoming more common in this industry. EU law enforcement agency Europol's European Cybercrime Centre (EC3) recently held a major simulation alongside MasterCard, in order to promote best practices in the retail industry.

Held at Europol’s headquarters in The Hague, the Mock Retail Cyber Hack exercise involved simulated threats such as infiltration to payment systems and distributed denial of service (DDoS) attacks.

Steven Wilson, the head of EC3, said the simulation "provides a plan and the necessary know-how for merchants to be able to immediately remediate any such hack in real life and protect the financial data of as many of their customers as possible".

The benefits of simulations

These simulations provide vital practice without risk. In an actual cyberattack situation, staff might be scared to try new things in case they fail, as there is so much on the line. These tactics could be key to defeating cybercriminals, so IT professionals need a chance to try them out in a safe environment.

Dr John Saunders of the National Defense University also points out that simulating attacks allows teams to discover responses to questions they didn't know needed asking. For example, a simulated attack could show how a network would react to a hack, or how communications would be disrupted.

Summing up these benefits, Dr Saunders said: "Through simulation exercises, responses to these questions can be learned. It is too late to formulate a proper response after the crisis has occurred or after the system has failed to perform."

Tech Insights for Professionals

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...

Further Reading