Turning the cyber spotlight on the senior leadership team
Cyber Security is often likened to a stool, with the three legs representing people, processes and technology. In business and the public sector, creating the right balance of investment between these three vital components is the greatest challenge faced by cyber security decision makers today.
Investing in the ‘people’ leg is as important as providing the right technical solution; improving internal processes requires the cooperation of the organisation’s workforce. At NCC Group, we put senior leadership teams through their paces, helping participants to learn to manage an incident, through the prism of our ‘Gold Team’ exercises.
With the senior leadership team and their deputies in the boardroom, we create an immersive, scenario-led environment where a cyber-based incident develops into a full-blown and complex crisis. Dedicated laptops, phones and an exercise ‘network’ ensures the participants – or ‘players’ –remain focused on the problem and there are no embarrassing leaks of the exercise to the real world, which might affect their share price! No personal phones or laptops are permitted. The idea is to keep everyone concentrating on the scenario for the full term of the exercise, normally 4 hours.
The incident develops throughout the exercise via a number of injects which follow a ‘Main Events List’, with the time speeded up get through various scenarios appropriate to the incident and to keep the pressure on. The injects deliver information via email, text message or phone call, either to all the Gold Team members around the table, or to individual members depending on their role in the business.
The scenario is maintained by a back office team, with colleagues playing determined journalists, difficult clients or even the global CEO. The strategic response of the organisation dictates the response of the ‘real’ world. The immersive feel is reinforced with a dashboard on the laptops showing changing newspaper headlines and social media feeds. It can get quite heated as people become fully engaged with the incident.
As the scenario builds up, senior leaders come under the spotlight in a number of areas. Making decisions under pressure while demonstrating the need to keep a clear head, understanding the importance of keeping track of a fast moving, changing situation, and ensuring that communications are clear and timely.
The exercise tests the Gold Team’s current play books and its ability to cope with the unexpected. In a military context, this is called ‘mission rehearsal’. The ability for this kind of exercise to test people’s leadership under stress is remarkable; I have been on both sides of this type of immersive training during my military career and it never fails to highlight individual learning opportunities. The behaviours that emerge from these training opportunities are common to leaders whatever their working environment; the secret is being open minded, learning from the exercise and moving forward.
Running a Gold Team incident response exercise is a key engagement with our clients’ executives as they see the capabilities of NCC Group to support them. We offer other less high profile options, starting with Bronze Team events that focus on an operational team’s Incident Response activity and Silver Team engagements where we work with departmental heads to look at their roles and responsibilities in deciding the appropriate response – the tactics – to managing an incident.
If you'd like to know more then please get in touch... https://www.nccgroup.trust/uk/contact-us/