We are very excited, and proud, to be an Australian startup that specialises in cyber security exercises. For our first blog post, we thought we should explain to you why we believe in exercises, and why we think they can help solve a problem many of us face: how to respond to a cyber security incident, minimise its impact, and prevent harm.
The scope of cyber
Since the early 2000s, Cyber Security has become a buzz word that even our grandparents now know about. In the early 2000s, our grandparents probably didn't even know what a mobile phone was, let alone think that just a few short years later mobile phones would become so prevalent, and advance at such a rapid pace, that now we can't imagine life without them. Its kind of the same for the term cyber security - probably only 5 years ago our grandparents (heck, even our parents!) didn't know what the term meant. Now, they probably still don't quite know what it means, but they sure as hell have some idea about good guys battling the evil dudes in hoodies who are trying to gain access to their superannuation accounts, or shock horror their health data (or for some, their Ashley Maddison account). They are aware of cyber incidents, they probably don’t quite understand them, but they know they might harm them in some way.
So we've all become more aware about what cyber is. More importantly, cyber is one of those things that cuts across every section of the economy. We can't have banking, finance, manufacturing, critical infrastructure, and even more importantly small to medium size businesses (which we all know underpin the Australian economy) if we don't get cyber right. That means, organisations - however big or small - are increasingly under pressure to 'do cyber', in some way. So we are all buying more bits of fancy software, new threat prevention tools, and soon, no doubt, some sort of fancy AI related kit that will solve all of our problems. We are investing more and more than ever before in addressing risks, fixing problems.
Yet it isn't working as well as we had hoped. Just look at the evidence. Some of the largest, most well resourced companies in the world are still being compromised and falling victim to even basic cyber attacks. Maersk in 2017. Melbourne hospitals in 2019. Countless organisations are still falling victim to ransomware attacks. It's not just the well-resourced, highly advanced and sophisticated state sponsored actors who are doing cyber, cyber criminals have heavily operationalised a business model that is incredibly lucrative and successful for them (to the tune of several billion dollars a year - that's money out of our pockets, our global economy that is going straight to cyber criminals). The bad guys keep on winning. Incidents keep happening.
At Retrospect Labs, we think the reason the bad guys appear to be doing so well against the good guys, is because we fundamentally aren’t ready. We haven’t yet mastered Incident Response (IR) as a whole - which means we can't respond as effective to an incident (and it is only a matter of time before one hits) as we should be able to. Our people need more help bringing tools, teams, and other organisational resources together to effectively do IR, it is a team sport after all. We know that good IR reduces the impact of an incident. We also know that good IR reduces the cost of an incident.
But good IR is hard to do.
That’s why we believe in cyber security exercises – enabling organisations to practice their incident response activities in an effective, efficient, and meaningful way. Exercises let you practice – and perfect – your incident response activities, meaning you can respond to incidents in the best way possible.
Knowing how to respond to an incident before it actually happens, means you’ll be placed to respond quickly and effectively when the real thing does happen. You won’t have to scramble. You won’t waste precious time and resources trying to figure out your first steps, who you need to tell. You’ll know. You’ll act. You’ll succeed.
When make it easy for you to do exercises. They will no longer be contrived, unrealistic, and painfully elaborate scenarios that you work through for half a day in a room somewhere. You'll be able to do exercises at your desk, more often, with more people and different teams. Some will be focussed on improving technical abilities. Some will be focussed on improving your whole of organisation response capability (like preparing and issuing media statements). You'll get to improve your incident response capability, the incident response capability of your team, and your organisational incident response capability. You will be ready.
When it comes to cyber security exercises, practice really does make for perfect. So get onboard today.