The exercises mimic the success of the WannaCry ransomware, are designed to mimic a cyber-attack against a major bank, and are intended to test the ability of businesses to withstand it. It has borrowed the approach of an increasing number of cyber ranges and looks at how the organisations IT security teams respond to an attack.
The FS-ISAC exercises were not just contained to the IT security team. They have a wider remit that includes crisis management. The big challenge, especially for a financial institution, is how to deal with the public response to an attack. Another challenge is how to bring the organisation back online again. This is more than just business continuity or disaster recovery. It requires an approach called cyber resiliency.
Regulators have had to allow cooperation to improve resiliency and this need for wider sharing of attacks and assistance once under attack is something that two of the FS-ISAC exercises focus on:
Cyber-Attack Against Payment Systems (CAPS) – This annual virtual exercise is aimed at payment companies, free to all regulated financial institutions in EMEA, Asia-Pacific and the Americas. Participating members benefit from testing their organisation’s readiness in case of an attack and free benchmarking against peers.
Cyber-Attack Against Insurance System (CIAS) – This virtual exercise simulates an attack on insurance companies to help gauge their readiness in the event of an incident. The exercise is available to all insurers via remote participation.
One of the benefits of the FS-ISAC exercises is cross-company and industry wide planning, as it allows organisations to share best practice when it comes to dealing with cyber-attacks.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now