Can Your Organisation Handle A cybersecurity incident?

Every day, It seems that every day we hear of a company being hacked, a hospital unable to provide patient care due to ransomware taking over their systems, our details accidentally published online for the world to see.

Tabletop exercises, live-play simulations and war gaming are all effective ways to find out how your team would cope in a cybersecurity crisis.

At Cybility, we provide a unique gamified learning experience with a highly interactive and immersive scenario that is tailored to your organisation. 

It is a business focused experience designed for leaders, senior management, and subject matter experts from across the organisation that are likely to be involved in responding to a cyber security incident.

Why Rehearse Incident Response?

As the compromises of organisations continue to Increase resulting in a halt to operations and increased costs; more organisations recognise the need for a cybersecurity incident response plan.

However, a written plan is only effective when it is tested on a regular basis – ideally using different scenarios and taking account of personnel availability and changes, and so on.

The process of going through a mock scenario is incredibly useful as it will:

  • Enable the organisation to identify potential gaps in the plan and procedures that may be needed;
  • Build incident response capability within the team;
  • Increase understanding of the need for the different roles to be involved;
  • Build a sense of comradery in the cybersecurity incident response team (CSIRT).

Like any activity - when repeated regularly it creates a habit.  The more you do it, the more confident you can be in your organisation’s ability to respond to a cyber-attack.

Our Solution

1. Prepare

Complete our pre-exercise e-learning course to give everyone a solid baseline

2. Participate

Actively contribute to the Cyber Security Incident Response Exercise Scenario

3. Probe

Share candidly in the cold wash (debrief) to generate lessons learned

On completion of the experience, your organisation is provided with an After-Action Report (AAR) that includes focus areas for improvement to inform your organisation’s cyber security resilience planning.On completion of the experience, your organisation is provided with an After-Action Report (AAR) that includes focus areas for improvement to inform your organisation’s cyber security resilience planning.

On completion of the experience, your organisation is provided with an After-Action Report (AAR) that includes focus areas for improvement to inform your organisation’s cyber security resilience planning.Participants receive a digital certificate and are issued with the Cybility Cybersecurity Incident Response Team Experience (CSIRTxp) Alumni badge which can be shared on LinkedIn or other social media.

Frequently Asked Questions

Yes, this is an area that Cybility can support you with in terms of preparing for a cybersecurity incident such as ransomware or a data breach.  Please book a call to discuss your needs.

We do not provide an incident response service in the event of a security incident occurring.  We recommend having a cybersecurity incident response provider on retainer if funds allow; alternatively, if you have cyber insurance, they typically have preferred companies that they use for crisis response.

There are different ways to test an organisation’s cybersecurity incident response capability.

Different methods differ in audience, objectives, focus, format, scenario, realism, participation, and the level of preparation required, with full wargaming being the most interactive and resource-intensive.

At Cybility, we favour a gamified table-top approach.

Understanding the difference between incident response exercises

Standard TabletopGamified TabletopSimulation (aka Red Team)Wargaming
AudienceExecutivesExecutives and mid-level cyber and business staffWorking level cyber staffHighly interactive with multiple teams / roles
ObjectiveValidate incident response plans / proceduresPromote engagement and information retentionTest technical incident response capabilitiesTest overall cyber resilience and decision-making
FocusCommunication, coordination, macro-level business decisions and actionsEscalation; mapping to business impacts; technologies, processes, and tradecraft to recognise attacks or carry out courses of action‘Point’ cyber technologies and correlationStrategic decision-making across adversarial teams/roles
FormatDiscussion-basedGame-like with mechanics such as rules, story, and scoringHands-on technical exerciseHighly interactive with multiple teams / roles
ScenarioFacilitator presents scripted scenarioImmersive fictional scenario that evolves; facilitator acts as a ‘Games Master’Replicates cyber attacks in controlled environmentDynamic real-world cyber attack scenarios
RealismModerate realism, limited by discussion formatMore immersive through storytelling and game elementsHigh technical realism by replicating real attacksHigh conceptual realism by simulating adversarial attacks
ParticipationDiscuss roles, responsibilities, actionsCreative problem-solving, novel solutionsUse actual tools, systems, and proceduresStrategic decision-making under pressure
PreparationModerate preparation of exercise designSignificant preparation for game designExtensive preparation of technical environmentExtensive preparation of dynamic scenarios

We will be taking notes throughout and provide these to you as an After-Action-Report (AAR). Whilst we do record to assist in producing the AAR, we typically do not provide recordings of the sessions to clients unless explicitly requested as part of the project scope.

Yes, we offer a 15% discount for this service for charities that are registered in the UK.

To claim this discount the charity must be active and currently registered with one of the following:

  • Charity Commission in England and Wales,
  • Scottish Charity Regulator in Scotland (OSCR);
  • Charity Commission for Northern Ireland (CCNI).