Get Prepared For Your Next Incident

A featured contribution from Leadership Perspectives: a curated forum reserved for leaders nominated by our subscribers and vetted by our Manufacturing Technology Insights Europe Advisory Board.

The Shyft Group


Jason Brown

Large or small, every organization has experienced some type of cybersecurity incident. Whether an employee was phished or critical infrastructure was infected by ransomware, we all have our war stories. It is said that it takes 10,000 hours to become a master at something. The skills developed during those hours depend on how the team was trained.

“Train like you fight!” It is a phrase that is used quite often. From athletes to the military, it is a saying that also holds true in cybersecurity. When training our employees, we want the simulation to be as close to a real incident as possible. There are several ways this can be accomplished. There are low-cost and no-cost options, such as running tabletop exercises. Cyber ranges and gamification of cybersecurity training are also effective ways to get your employees trained in incident response.

No CISO ever wants to hear an employee say, “If that ever happened to us, I would just quit…” I have heard those words spoken a time or two after running an incident response exercise. Those words came from employees who had never experienced an incident before. It was not because the work was hard; it was because they did not understand how to react.

We can put together incident response policies and standards, but they serve no purpose without training. The key is to build repeatable processes so your employees know what to do when an incident does occur. Often, when an incident occurs, we are so focused on the incident itself that we forget some of the fundamentals, such as documentation. By building muscle memory, these fundamentals become second nature.

Tabletop exercises are often the cheapest to perform, yet they provide some of the greatest returns. These returns often come in the form of reduced reaction and remediation times. Tabletop exercises are performed using scenario-based questions. The questions can be individual incidents or a series of questions, all based upon a specific scenario.

An example of such a series:

An employee calls the help desk about unusual circumstances concerning an email they received.

The email has locked down the employee's computer with a message demanding payment in Bitcoin because the system has been infected with ransomware.

The ransomware begins to spread across the network.

Business-critical systems have now been affected by the outbreak.

As each question builds on the previous one, you build a scenario that is effective for you as the incident commander and for the incident response team. The questions can also be made as close to real as possible by adding in systems from your own environment, such as an infection of the VMware environment or network disruptions due to failed Cisco firewalls.

Scenario-based questioning can also be accompanied by run books or playbooks. These documents are decision-based diagrams that depict how one should respond to an incident. Examples include a run book for a user receiving a malicious email or for responding to a virus infection. As you create the run books, ensure that your incident response team has reviewed and understood the workflow. Without these documents, your incident response team could handle an incident in many different ways, which introduces wasted time and effort. Remember, when an incident occurs, time is against you.


After every incident, an after-action review should occur to review and improve upon the response; tabletop exercises are no different. As an incident commander, your job is to orchestrate the response and ensure that the incident is contained. Things can and will go wrong, even with well-intentioned team members. The after-action review is there to discuss what went right and, ultimately, what needs to be improved. This will improve your overall response and performance when reacting to the incident itself.

Organizations should look at performing some type of incident response training at least quarterly. While this will not provide the 10,000 hours of training needed to become a master, it will help keep incident response at the forefront.

The articles from these contributors are based on their personal expertise and viewpoints, and do not necessarily reflect the opinions of their employers or affiliated organizations.