Playing war games to prepare for a cyberattack
A poor response can be far more damaging than the attack itself.
JULY 2012 • Tucker Bailey, James Kaplan, and Allen Weinberg
Source: Business Technology Office
war games to prepare for cyberattacks article, war games show companies what needs protection from cyberattacks, Business Technology
In This Article
Exhibit 1: Cyberwar games yield insights into security vulnerabilities and information assets.
Exhibit 2: Preparation for cyberwar games surfaces vulnerabilities that can then be tested.
About the authors
“Can it happen to us?” All over the world, technology executives have been fielding this question from boards of directors and CEOs in the wake of highly publicized cyberattacks on large, well-respected companies and public institutions.
“Yes” is the only honest answer at a time when ever more value is migrating online, when business strategies require more open and interconnected technology environments, when attackers have always-expanding capabilities, and when attacks take advantage of limited security awareness among employees and customers. In fact, it may already have happened to you—but you may not know it.
Although political “hacktivists,” such as Anonymous and LulzSec, certainly delight in announcing their exploits to the world and causing embarrassment to their targets, other sophisticated attackers seek to cover their tracks. Organized-crime rings engaging in cyberfraud have no interest in letting their targets know they have been infiltrated.
We believe that boards and senior business leaders should be asking the technology team a different question—namely, “Are we ready to respond to a cyberattack?”
An ill-thought-out response can be far more damaging than the attack itself. Whether customers cancel their accounts in the wake of a successful cyberattack depends as much on the quality of a company’s communications as on the gravity of the breach. How much value is destroyed by the loss of sensitive business plans depends on the ability to adjust tactics quickly.