A cyberattack is not just a matter for security
Suppose your house is on fire. I wouldn't wish it on anyone, but if it happens, it's reassuring if a well-prepared and fully trained fire brigade shows up.
Picture the scene: you're enjoying a pleasant evening with your wife and children in front of the fire. As you stare contentedly into the flames, you realise that the chimney hasn't been swept in over a year. It was on your to-do list, but life got in the way. Soon after, it transpires that your chimney is actually on fire. The only thing you can do now is take your family to safety and call the fire brigade.
The fire engine arrives outside your house, sirens blaring, and five men get out. One of them walks towards you. To your surprise, he isn't wearing the uniform you had expected. He doesn't seem to be in any great hurry, either. This is how he greets you:
'Good evening. My name is Peter and I'm in charge here. I can tell your house is on fire. It looks exactly like what I've seen in a presentation and in a short video shown at a conference I was at recently. They didn't tell me about the smell, though, or how hot the fire would be. According to the script, we should now change into our uniforms, and then I'll check the fire engine's manual to see how to switch on the pumps. I remember something about pointing the hoses at the fire and water coming out of them. Anyway, feel free to make suggestions about what exactly we should be doing.'
Reading this, you'll probably think it's a ridiculous story that could never happen. You are, of course, absolutely correct. Firefighters are highly trained and would know exactly what to do. They would arrive well prepared, already in uniform and equipped with the rights tools, and they certainly wouldn't ask you for advice. These men and women would go about their business and ensure that the damage is minimal and that you and your family are safe.
In this respect, training is key. Obviously, firefighters train regularly - not just to learn procedures, but also to learn how to work as a team in real-life situations under ever-changing circumstances, since no two fires are ever the same. This way, each team member will know what to do. We wouldn't expect anything less!
However, when it comes to cybersecurity, this is far from the norm. Companies that come under attack should have made adequate preparations, but I regularly experience that this is not the case. Occasionally, they do have a scenario, so at least IT and security staff have some idea of where to start. However, the majority of them have never received real-life training, which means the wheel has to be reinvented over and over again each time a company comes under attack.
As you can imagine, this is not the most effective approach. The main question you should be asking yourself is this: have we been tested as a team?
A cyberattack or data leak, or a combination of the two, is often regarded as a problem to be dealt with by the security team, and sometimes also by the IT team. What many people tend to forget is that it takes the efforts of many more departments to contain such an attack. For example, Communications needs to be prepared to inform the press. Meanwhile, the Legal department will soon have to report the incident under the European General Data Protection Regulation (GDPR).
In other words, it's best to prepare the whole of your organisation for an attack or data leak. You should train like you fight, using every possible (human) resource. Just like firefighters, you should train as a team, to prepare for almost every eventuality. This is the only way to put your team to the ultimate test and find out what your reaction will be. Everyone must learn from the mistakes they make. Again, this is the only way to pick up new tricks and improve yourself continuously. After all, when a real attack happens, you don't want your firefighters to be clueless about what to do and ask you for advice.
So train like you fight!