Picture this: you walk into the office in the morning, only to find the majority of staff in your
MSP have been locked out of their computers. A message appears asking for extortionate amounts of
bitcoin in order to have your data restored. While this is happening, staff are texting their friends and family about the incident and, sooner or later, clients start to catch wind of the news and reach out in concern of their data being breached. Skip back to the part where you first discovered the
ransomware attack. What's your first instinct to start resolving the issue? To gather the rest of the team? Okay. Great. What’s next? If you can’t answer that question, you could be in deep water if trouble strikes. You’re not the only one, however.
According to the 2017 State of Cybersecurity Among Small Businesses in North America Report, a shocking
11% of businesses in North America have no form of cybersecurity protecting their data. Not even
antivirus software. That’s a lot of unprotected data waiting that cybercriminals can hack. We know this because the amount of cyberattacks we see year after year is consistently trending upwards. In the first half of 2018, more than
22 million records were exposed because of
668 data breaches across the U.S. And that’s only the first half of the year.
You also have the choice of hiring a third party company to control your simulation. These companies aren’t as close to your systems as you are, so they have an unbiased and more true-to-form way of testing out your strategy. A simulation will generally last half a day to a full day, and it'll encompass every instance that could happen if your data is compromised. It'll force you to find the errors in your solution and fix them before a real hacker breaks in.
What is a Simulation
Okay, so we know how dangerous the cybercrime climate is. But what can you do about it? Beyond the classic antivirus software, firewalls, and proper staff education, you can set up different tests to ensure your IT teams and company as a whole are ready in case of an attack. We refer to them as simulations, and they act as a kind of cybersecurity fire drill. Basically, either you pose as a potential hacker, or you have a third-party company pose as one to see where your vulnerabilities lie and how quickly your team can resolve different types of breaches.How to Run a Hack Simulation
To simulate a hack you have to think like a hacker. Where might a hacker try to infiltrate your defenses? What are the most common ways someone can breach your systems? Could an employee open a phishing email and open your systems up to a breach? If so, what happens next? Do your clients reach out? Does your stock start to drop? Do you send your employees home? You should explore and simulate every single detail that could happen as a result of an invasive attack, so everyone knows how to handle themselves in a real crisis.