Emergency Drills for Cyber Attacks, Promoted in Northern New Zealand
In the real world, emergency response teams regularly perform drills in order to train their staff on how to act in case a real emergency occurs. These drills enable first responders to remain knowledgeable of the strict procedures, especially in the area of saving lives, rescuing those that are currently in trouble and application of relevant first-aid treatments. Many nations have adopted emergency drills for fires, earthquakes and other unforeseen natural events, but none to prepare for a cyber attack, until now.
Dubbed “hot chili”, the Northern region of New Zealand’s health industry have reached an understanding that a cyber attack drill is very much needed in the wake of major malware attack last year, spearheaded by ransomware authors. This healthcare alliance is being led by the HealthAlliance’s Simon Long, the group’s Systems Operation Manager. He disclosed to the public that “hot chili”, simulates the attacks through mock downtimes across participating email systems, wifi network malfunctions and pretend data breaches, to recreate a scenario of emergency for a participating healthcare institution.
The disclosure was done in the recently concluded 2018 HiNZ Conference last Nov 23, the drill as mentioned by Long was a success with the strong participation of healthcare institutions from Auckland, Northland, Manukau, and Waitemata. The simulations conducted were very timely as the healthcare industry has been a favorite target of cyber attacks and data breaches for the last two years, especially last year during the height of the widespread growth of ransomware cases.
“The objective was to create, test and improve a regional view of business continuity and the recovery capability. It was a really interesting day for everybody involved,” explained Long in his HiNZ keynote address.
The closest thing to “hot chili” that any organization can emulate is through a process called penetration testing. It is a specialized service, which can be conducted by either a very knowledgeable internal IT team or external group of for-hire ethical hackers, simulating various forms of cyber attacks against a corporate network and computer setup.
The adaption of such a strategy to create the nearest “simulation” of an IT emergency is nothing new, but only a few companies regularly conduct it due to the issue of cost. The problem in the nutshell is companies see it as an added burden to the company’s bottom line. However, the new generation of system administrators and IT executives have the awareness that penetration testing is not a corporate cost, but rather an ‘investment’. A future where a company’s risk of being targeted is dramatically lessened, if not nullified is money well spent by any company, regardless if it is a Fortune 500 Enterprise or an SME (Small and Medium Enterprise).
Businesses are growing due to good business, and news of a company falling victim to cyber attacks, data breach or virus infection will be very harmful to the brands they represent. These brands may or may not survive the shrinking consumer confidence at the wake of the attack. Hence, pen testing is not just an ‘optional solution’, but rather similar to real-life drills of emergency responders, in order to keep themselves reliable and skilled enough to handle troublesome situations.