As cyber threats grow more sophisticated, cybersecurity programmes need to adopt a more holistic approach. Simulated attack scenarios must go beyond mere technology, according to Armand Kruger, NEC XON Systems cybersecurity head.

Why? Because the impact of cybercrime goes beyond IT. Cybercrime’s annual impact on South Africa is estimated at R2.2-billion, according to a recent statement by Billy Petzer, research group leader: cybersecurity systems, at the CSIR.

Kruger points out that cyberattacks affect business processes – not just IT software and infrastructure. Current corporate cyberattack simulations often focus solely on technical aspects, leaving a significant gap in preparedness. By integrating business leaders into planning and thinking, holistic scenarios enable organisations to consider implications beyond technology, ultimately enhancing their cybersecurity readiness,” Kruger said.

“I was recently in an incident response scenario where the company was infiltrated by ransom operators,” he said. “Through an open executive discussion in the boardroom, we were able to comfortably communicate in business language and explore ‘what if’ scenarios. This natural environment allowed executives to discover the implications for themselves, leading to improved executive buy-in and a better understanding of the necessary cybersecurity budget and resource allocation.”

NEC XON Systems, for example, runs attack scenarios that not only delve into the tactics employed by ransomware operators but also consider the broader business context and its implications. Questions such as, “How would we react if ransomware actors attacked?” and “Do all business players understand their roles in such an event?” are crucial to building a comprehensive response strategy.

The scope extends beyond IT departments, involving areas like PR and communications to address external messaging and media engagement. It is vital for cybersecurity plans to incorporate them and not focus solely on the technical aspects.

Procurement – the forgotten cyberattack response process

One often overlooked area in simulated attack scenarios is procurement, which plays a crucial cybersecurity role and needs mature processes in the event of an incident. To address the urgency of cybersecurity incidents, organisations should incorporate emergency spend workflows into their procurement processes, enabling quick and efficient allocation of resources within 24 hours instead of slow processes that take weeks or months.

Effective cybersecurity involves two main stages: incident response and crisis management. NEC XON Systems emphasises the importance of thorough preparation for incident response, noting that companies often neglect this critical aspect and go directly into crisis mode.

Prepare like the military

“Preparing for cyber threats is akin to military training, where practice makes perfect,” said Kruger. “Our goal is to ensure that cybersecurity teams know exactly what to do when faced with an attack.”

By incorporating cyberattack scenarios into their operations, businesses can prepare themselves in two critical areas: communication and coordination. This approach not only identifies previously unidentified security gaps and architectural flaws but also creates a controlled environment to neutralise threats and maintain business continuity.

It also helps organisations to quantify business risks and align stakeholders on appropriate response strategies.

“Businesses face cyber cartels, and through our process executives often realise that most attacks rely on social engineering,” added Kruger. “By constantly updating and conducting drills, organisations can strengthen their cybersecurity defences and maintain a state of preparedness.”

Key benefits of attack scenario drills include:

The effectiveness of current controls are tested and their resistance against cyberthreat actors and risks assessed. Validating those controls from the adversary’s perspective is key to determining if the solutions are correctly configured and if they work well together to create a defensible layer.
Previously unidentified security gaps are identified. Know what you don’t know. The outcomes of the attack scenarios might highlight security gaps. This proactive approach demonstrates how gaps could be exploited, and what counter-measures can be implemented.
Language barriers are broken down. Discussing different cyberattack scenarios with technical, management and business executives creates a common language. Questions like, “If this happens, then what?” are asked, and multiple perspectives help executives to understand the risks and the business better.
Architectural security design flaws are exposed. Determining if the overall architecture is designed to restrict threat actors’ movement and manoeuvring abilities is vital. Having a strict architecture forces the adversary into an environment controlled by the business and allows for easier threat prevention, detection and response.
The business is prepared for various cyberattacks. Businesses often face cyber breaches, and crisis management unfolds. Communication channels are broken and incident response coordination is in complete chaos. Continuously simulating cyberattack scenarios helps organisations prepare. Cyber drills enhance technical controls, business communication and inter-organisational coordination.

NEC XON Systems urges organisations to adopt a holistic approach and proactively address threats to stay one step ahead of cybercriminals.

About NEC XON Systems
NEC XON Systems is a leading African integrator of ICT solutions and part of NEC, a global Japanese firm. The company has operated in Africa since 1963 and delivers communications, energy, safety, security and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East, and West Africa. NEC XON Systems is a level 1-certified broad-based black economic empowerment business. Learn more at www.nec.xon.co.za.