Treat Your Cybersecurity Drills Like Fire Drills

by Zac Amos (@zacamos), December 12th, 2022

Too Long; Didn't Read

Cybercrime is on the rise, and businesses must educate their workers by running cybersecurity drills. Employers can monitor how fast they resolve the situation and provide helpful tools for future scenarios. Drills can simulate an attack on a website, network or host without causing system damage or data loss. By educating their employees about protecting sensitive databases, companies can better prepare to handle a security breach.


When the smoke alarm goes off, most employees know exactly where to go and how to act — after all, they’ve practiced that scenario many times.


But in the case of network breaches, people tend to panic or overlook the issue entirely because they’ve never had formal training. That’s why businesses must educate their workers by running cybersecurity drills.

Cybercrime Is on the Rise

Reported cybercrime surged in 2020 and has kept rising since. In 2020 alone, the FBI's Internet Crime Complaint Center logged $4.2 billion in reported corporate and personal losses, roughly $700 million more than the previous year.


Today, more people are working from home than ever — many of them using weak security measures — and more people are online in general.


This opens the door for threat actors to use phishing attacks, social engineering, and other malicious strategies to exploit people. Hackers may access computer systems at the network, endpoint, application, or server level.


It isn’t a matter of if a cyberattack will happen, but when. In 2021, 14 of 16 critical infrastructure sectors fell victim to ransomware attacks. Hackers targeting infrastructure can disrupt everything from individual HVAC systems to the entire country’s food supply chain.


Strong network security is paramount for organizations that handle personal or financial data.


By educating their employees about protecting sensitive databases, companies can better prepare to handle a security breach and prevent it from incurring significant damage.

How to Run Cybersecurity Drills

Here are some exercises to tackle different scenarios involving security breaches. Some of them work best if they’re scheduled, as employees will need plenty of time to work on them and they’ll disrupt normal office functions. Others should be spontaneous to catch people off guard.


Employees can divide into two teams, with one playing the attackers and the other trying to detect, contain, or prevent the breach. Agree the scope and rules of engagement in writing before the drill starts, so the attacking team never touches production data, customer-facing systems, or anything outside the exercise.


After completing the drills, employers should conduct a training session to get everyone up to speed on good cybersecurity practices. They should discuss what employees did well and what they could have done differently.

1. Denial of Service (DoS) Attack

This exercise targets the IT department in particular. A DoS drill simulates an attack on a website, network, or host without causing system damage or data loss: generate load only against a designated test target or a staging copy, rate-limit it, and keep a kill switch so the traffic can be stopped the moment it spills over.


It replicates the conditions that would occur during a real DoS attack: unbearably slow or inaccessible systems that massively impair performance.


The IT team should notice and respond to the drill quickly. Employers can record two numbers, time to detect and time to mitigate, and use them to judge whether the monitoring alerted anyone and whether the team had a working playbook, then provide the tools that were missing for future scenarios.

2. Physical Intrusion

The attacking team carries USB drives loaded with a harmless marker, a script that only records the hostname and logged-in user and reports back to the testing team, never real malware. When a member of the other team leaves a computer unattended, the attackers try to plug in the drive and run the marker.


This only works if the computer is left unlocked while the user is away, so it tests how well people lock their workstations. It also shows whether endpoint controls block unknown removable media or unsigned scripts, which is useful to know before a real drop-attack happens.

3. Tabletop Exercises

This drill is straightforward. Employees gather around a table and simply run through security drills on paper, explaining what they think they should do during a cyberattack.


Then, their manager and IT department can present the best protocols and who to contact in an attack. Tabletop drills take very little time and don’t disrupt online services.

4. Adding an Unauthorized Device

The attacking team will bring in an external device, such as a laptop or tablet, and connect it to the network. If the network enforces 802.1X or another network access control, the device should be refused outright; if it is admitted, the IT department should notice the unknown address or DHCP lease quickly and work to remove it. They should also try to locate the physical device and unplug it.


The unauthorized device represents a malicious computer inconspicuously brought inside the building, which could threaten security.
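The "notice it quickly" half of this drill can be automated. The following is an added example, not code from the original article: it compares a DHCP lease file against an asset inventory and flags every lease whose MAC address is not in the inventory. The lease lines are constructed in dnsmasq's format (expiry, MAC, IP, hostname, client-id), and the inventory CSV and its column names are hypothetical.

```python
"""Added example (not from the original article): flag devices on the network
that are absent from the asset inventory.  Input is a constructed snippet of a
DHCP lease file (dnsmasq-style: expiry mac ip hostname client-id); the
inventory is a hypothetical CSV export of approved MAC addresses."""
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory (hypothetical asset-register export).
# Note the mixed case in the last row: exports are rarely tidy.
INVENTORY_CSV = """mac,owner,asset_tag
aa:bb:cc:00:11:01,finance-laptop-1,A1001
aa:bb:cc:00:11:02,reception-desktop,A1002
AA:BB:CC:00:11:03,it-admin-laptop,A1003
"""

# Constructed sample DHCP leases in dnsmasq format.  The third lease is the
# drill's "unauthorized device".
LEASES = """1670000000 aa:bb:cc:00:11:01 10.0.5.21 finance-laptop-1 01:aa:bb:cc:00:11:01
1670000120 aa:bb:cc:00:11:03 10.0.5.22 it-admin 01:aa:bb:cc:00:11:03
1670000300 de:ad:be:ef:00:01 10.0.5.87 android-3f2a1 *
1670000310 aa:bb:cc:00:11:02 10.0.5.23 reception-desktop 01:aa:bb:cc:00:11:02
"""


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def normalise_mac(mac: str) -> str:
    """Inventory exports and lease files disagree on case and separators."""
    return mac.lower().replace("-", ":")


def load_inventory(text: str) -> dict[str, str]:
    """Map normalised MAC -> owner from the inventory CSV."""
    reader = csv.DictReader(io.StringIO(text))
    return {normalise_mac(row["mac"]): row["owner"] for row in reader}


def parse_leases(text: str) -> list[Lease]:
    """Parse dnsmasq lease lines; skip blank or malformed ones."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _expiry, mac, ip, hostname = parts[:4]
        leases.append(Lease(normalise_mac(mac), ip, hostname))
    return leases


def find_rogue_devices(lease_text: str, inventory_text: str) -> list[Lease]:
    """Return every active lease whose MAC is not in the inventory."""
    known = load_inventory(inventory_text)
    return [lease for lease in parse_leases(lease_text) if lease.mac not in known]


if __name__ == "__main__":
    for rogue in find_rogue_devices(LEASES, INVENTORY_CSV):
        print(f"UNKNOWN DEVICE mac={rogue.mac} ip={rogue.ip} host={rogue.hostname}")
```

Run on a schedule against the real lease file, this turns the drill into a standing control. Its limit is the one the drill should also expose: a MAC address is trivially spoofed, so inventory matching is a detection aid, not a gate. 802.1X with per-device credentials or certificates is what actually refuses the device.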

5. Phishing Exercises

A phishing attack involves sending someone a malicious link. When the unsuspecting person clicks the link — which usually looks harmless or appears to be from somebody they know — their computer may become infected.


Or, the link leads to a legitimate-looking page asking for the person’s information, which the hacker can then steal.


A cybersecurity drill could involve sending staff an email that contains a link, then seeing how many of them click on it, or, worse yet, input their information on the landing page. Each recipient gets a unique link, so the testing team knows exactly who opened it. The landing page should record only that a submission happened, never the password that was typed.

6. Spearphishing Exercises

This is a form of targeted phishing. The hacking team should tailor their messages to trick specific people, such as by pretending to be someone’s manager and using the employee’s name and personal details in the email.


As with the generic phishing exercise, the testing team will know who clicked the link and whether they input their credentials on the form.


This cybersecurity drill works best if the recipients don’t know about it. Perhaps quite obviously, an email arriving at a scheduled time isn’t likely to fool anybody.
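Both the generic phishing drill and the spearphishing drill above rely on the same mechanism: a per-recipient link that tells the testing team who clicked and who submitted. The following is an added example, not the author's tooling: it derives an unguessable token for each recipient with an HMAC (so a recipient cannot work out a colleague's token from their own) and then resolves web-server access log lines back into "clicked" and "submitted" sets. The domain, the campaign secret, the recipient names and the log lines are all constructed for the example.

```python
"""Added example (not from the original article): per-recipient tracking
tokens for a phishing drill, plus a resolver that turns access-log lines back
into "who clicked" and "who submitted".  The domain, campaign secret and
recipients are hypothetical."""
import hashlib
import hmac
import re

# Hypothetical campaign secret: never embed it in the email or the landing page.
CAMPAIGN_SECRET = b"drill-2022-12-rotate-me"
CAMPAIGN_ID = "q4-invoice"


def make_token(recipient: str, campaign_id: str = CAMPAIGN_ID) -> str:
    """Opaque per-recipient token.  HMAC rather than a plain hash so that a
    curious recipient cannot enumerate colleagues' tokens."""
    msg = f"{campaign_id}:{recipient.lower()}".encode()
    return hmac.new(CAMPAIGN_SECRET, msg, hashlib.sha256).hexdigest()[:20]


def tracking_url(recipient: str, base: str = "https://drill.example.test") -> str:
    return f"{base}/view?t={make_token(recipient)}"


# Common-log-format line: ip ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
TOKEN_RE = re.compile(r"[?&]t=([0-9a-f]{20})")


def resolve_events(log_lines, recipients):
    """GET /view?t=... counts as a click, POST /login?t=... as a credential
    submission.  Tokens we never issued are reported, not dropped: mail
    security sandboxes and scanners follow links too, and they must not be
    mistaken for a user."""
    by_token = {make_token(r): r for r in recipients}
    result = {"clicked": set(), "submitted": set(), "unknown_tokens": set()}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        tok = TOKEN_RE.search(path)
        if not tok:
            continue
        who = by_token.get(tok.group(1))
        if who is None:
            result["unknown_tokens"].add(tok.group(1))
        elif m.group("method") == "GET" and path.startswith("/view"):
            result["clicked"].add(who)
        elif m.group("method") == "POST" and path.startswith("/login"):
            result["submitted"].add(who)
    return result


RECIPIENTS = ["alice@example.test", "bob@example.test", "carol@example.test"]


def _line(method, path, ip="10.0.5.21"):
    return f'{ip} - - [12/Dec/2022:09:14:02 +0000] "{method} {path} HTTP/1.1" 200 512'


# Constructed access log: alice clicked and submitted, bob only clicked, carol
# never clicked, and one hit carries a token that was never issued.
SAMPLE_LOG = [
    _line("GET", f"/view?t={make_token('alice@example.test')}"),
    _line("POST", f"/login?t={make_token('alice@example.test')}"),
    _line("GET", f"/view?t={make_token('bob@example.test')}", ip="10.0.5.22"),
    _line("GET", "/view?t=0000000000000000abcd", ip="203.0.113.9"),
    _line("GET", "/favicon.ico"),
]

if __name__ == "__main__":
    for r in RECIPIENTS:
        print(r, "->", tracking_url(r))
    print(resolve_events(SAMPLE_LOG, RECIPIENTS))
```

Two design points matter in a real drill. The landing page's login form should post only the token, so the typed password is never stored, and the "unknown token" bucket should be reviewed before reporting click rates, because an automated link scanner can otherwise inflate the numbers and, in a spearphishing drill, falsely implicate the one person whose mail was scanned.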

Good Security Practices

In addition to running cybersecurity drills, businesses should use the following strategies to minimize their chances of being hacked:


  • Back up data frequently and keep offline copies of the backups.
  • Use unique, hard-to-guess passwords for every account.
  • Rotate passwords immediately whenever there is any sign of compromise, and do not rely on scheduled changes alone.
  • Regularly audit administrative accounts.
  • Use a password manager to generate long random passwords with a mix of letters, numbers, symbols, and upper and lower case letters.
  • Enable two-factor authentication, preferably a phishing-resistant method.
  • Disable unused remote-access services, RDP in particular, and put the rest behind a VPN or MFA.
  • Strip or flag hyperlinks in email from addresses outside the organization, and add an external-sender banner.
  • Use network segmentation.
  • Use secure networks rather than public Wi-Fi.
  • Install antivirus software on all devices and keep it up to date.
  • Implement a zero-trust security model with a least-privilege principle.


These methods aren’t foolproof but taken together, they pose a formidable challenge for threat actors.

Preventing Cyberattacks

Preventing data breaches isn’t just the IT department’s job — everyone has to be on guard.


By implementing robust cybersecurity methods and using practice drills, businesses can better prepare in case a cybercriminal tries to mount an attack, and employees will feel more confident in their IT skills.