I would like to propose a quick exercise: how many fire drills have you participated in during your professional life? “Numerous”, I imagine is the answer. Now I ask you: how many simulations of hacking attacks have you participated in? I guess the answer borders on “none”.
Preparing for emergencies is almost a natural movement. In a building where hundreds, sometimes thousands of people work, it is essential to carry out fire escape training to ensure that everyone is safe when evacuating the place. Anyone who has been through a real fire situation can even argue that, at the time, it didn’t go exactly as planned, but I can guarantee that it would have been much more chaotic if there hadn’t been planning and step-by-step simulations.
With the growing number of cyber attacks, which affect from large corporations to people in their homes, through public agencies and governments, simulations of this type of threat should be more common. Investing in technology and teams to help protect it is extremely important, but leaders need to make sure that the entire infrastructure is efficient and that the chances of failure are minimal.
The issue of cybersecurity is already a reality in most companies. Many of them prepare lectures and training on the subject, but perhaps it is not enough. In an emergency or disaster, you can’t always count on people’s rationality, and that’s normal. Faced with a ransom demand of millions of reais, few people will be able to deal with the situation in a calm and resilient way, without having to make hasty decisions.
That’s why training becomes so essential. Together with your company’s team and technology leaders or IT support provider, put together a structured plan with the steps that need to be followed in an attack situation. Don’t let the plan die on paper: invite the entire company to participate in training sessions and carry them out periodically. It will be easier to notice loopholes in the system that could be the cause of a cybercriminal intrusion and remedy them in time. It also helps to detect potential issues, for example, monitoring attack surfaces, especially if your employees are in the home office or hybrid model.
You don’t have to start planning from scratch, on the internet you can find ready-made templates or even companies that offer this type of service. CISA, the US cybersecurity agency, for example, has a guide for situations like this with free or low-cost content.
Simulations are not fun at all and can seem like a waste of time. But much more time and money will be lost if companies fail to mitigate potential preventable risks.
Trending on Canaltech:
+The best content in your email for free. Choose your favorite Terra Newsletter. Click here!