Playbook Objectives:
- The primary objective of this playbook is to eradicate potential security threats and fortify the company's network.
- The playbook builds the capability to identify, combat, and mitigate security vulnerabilities, and also helps enhance the skills and capabilities of the company's IT department.
- The ultimate goal is to secure the company’s data resources from any potential cyber-attacks.
Difficulty level:
- The difficulty level of this cybersecurity exercise is intermediate, since it requires a basic understanding of cybersecurity concepts, attack vectors, and defense mechanisms, combined with some practical application of these concepts.
Scenario:
- In the wake of the COVID-19 pandemic, ‘HealthWay,’ a leading health company in the U.S., has been forced to implement remote working for the majority of its employees.
- The company's 1500 employees are currently spread across different geographical locations and depend on cloud services for their daily tasks. The sudden push to remote work created a problem for the in-house IT security team.
- They recognized the varied security risks that come with remote working. The challenge now is managing and securing the data that is accessed from different locations, devices, and networks, which is crucial for maintaining the company's integrity and reputation.
- In an effort to tackle these cyber threats, the company has decided to undertake a cyber range exercise. The IT department has put together a Remote Worker Security Challenges Playbook to simulate the potential threats and work toward a concrete solution.
Category:
- This exercise falls under the category of 'Information Security and Assurance.' The focus is mainly on securing information in transit and information stored on cloud servers accessed by remote workers.
Exercise Attack Steps:
- Step 1: Threat Detection and Identification. Simulate a typical phishing attack that one of the employees might face while accessing the company's resources. The exercise starts with detecting phishing emails and other attack vectors that could lead to security breaches.
- Step 2: Anomaly Detection. The next step involves monitoring traffic to identify anomalies that could indicate a potential breach or threat, such as a sudden surge in data transfer or repeated unauthorized login attempts.
- Step 3: Incident Response. Once the threat has been detected and identified, the next step is response. This could mean isolating the infected network or system, mitigating the attack, and ensuring minimal damage.
- Step 4: Damage Control and Recovery. The focus is on overcoming the breach or attack, recovering lost data if any, and restoring services and functionality.
- Step 5: Post-Incident Analysis. The final step involves evaluating the attack, how it was handled, the lessons learned, and the measures to be taken to avoid such breaches in the future. The results of this analysis help further update and strengthen the company's defense systems.
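Step 2 names two anomaly signals, a surge in data transfer and repeated unauthorized login attempts, without saying how either would be computed. The following is an added example, not part of the playbook and not HealthWay's tooling, showing one way a blue team could score both signals over remote-access logs during the exercise. It assumes a hypothetical two-record log format (AUTH lines with user, source IP and result; XFER lines with user and bytes moved); the log lines, user names, addresses and thresholds are all constructed for the example.

```python
"""Anomaly detection over constructed remote-access logs (added example).

Assumed hypothetical log format (not from the playbook):
  AUTH <iso-timestamp> user=<name> src=<ip> result=<success|failure>
  XFER <iso-timestamp> user=<name> bytes=<n>
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_RE = re.compile(r"^AUTH\s+(\S+)\s+user=(\S+)\s+src=(\S+)\s+result=(success|failure)$")
XFER_RE = re.compile(r"^XFER\s+(\S+)\s+user=(\S+)\s+bytes=(\d+)$")

# Constructed sample: alice's account is hammered from one address and then
# succeeds; bob has two unrelated failures; carol's transfer volume jumps
# overnight on day 5 while dave stays flat.
SAMPLE_LOG = """\
AUTH 2024-03-04T08:01:10 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:01:25 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:01:41 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:02:03 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:02:19 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:02:40 user=alice src=203.0.113.7 result=failure
AUTH 2024-03-04T08:03:02 user=alice src=203.0.113.7 result=success
AUTH 2024-03-04T09:15:00 user=bob src=198.51.100.20 result=failure
AUTH 2024-03-04T09:15:30 user=bob src=198.51.100.20 result=success
AUTH 2024-03-04T14:40:00 user=bob src=198.51.100.20 result=failure
XFER 2024-03-01T10:00:00 user=carol bytes=52000000
XFER 2024-03-02T10:00:00 user=carol bytes=48000000
XFER 2024-03-03T10:00:00 user=carol bytes=55000000
XFER 2024-03-04T10:00:00 user=carol bytes=51000000
XFER 2024-03-05T02:30:00 user=carol bytes=900000000
XFER 2024-03-01T11:00:00 user=dave bytes=30000000
XFER 2024-03-02T11:00:00 user=dave bytes=31000000
XFER 2024-03-03T11:00:00 user=dave bytes=29000000
XFER 2024-03-04T11:00:00 user=dave bytes=33000000
XFER 2024-03-05T11:00:00 user=dave bytes=34000000
""".splitlines()


def parse(lines):
    """Split log lines into AUTH and XFER tuples; unknown lines are ignored."""
    auth, xfer = [], []
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            auth.append((datetime.fromisoformat(m[1]), m[2], m[3], m[4]))
            continue
        m = XFER_RE.match(line)
        if m:
            xfer.append((datetime.fromisoformat(m[1]), m[2], int(m[3])))
    return auth, xfer


def failed_login_bursts(auth, threshold=5, window=timedelta(minutes=5)):
    """Return {(user, src): count} where >= threshold failures fall in one window.

    A sliding window over the sorted failure timestamps finds the densest run,
    so a slow trickle of failures spread over a day is not flagged.
    """
    failures = defaultdict(list)
    for ts, user, src, result in auth:
        if result == "failure":
            failures[(user, src)].append(ts)
    alerts = {}
    for key, times in failures.items():
        times.sort()
        start, densest = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            densest = max(densest, end - start + 1)
        if densest >= threshold:
            alerts[key] = densest
    return alerts


def transfer_surges(xfer, factor=3.0):
    """Return {user: (latest_day_bytes, baseline_bytes)} for users whose most
    recent daily total exceeds factor x the median of their earlier days."""
    daily = defaultdict(lambda: defaultdict(int))
    for ts, user, nbytes in xfer:
        daily[user][ts.date()] += nbytes
    alerts = {}
    for user, per_day in daily.items():
        days = sorted(per_day)
        if len(days) < 2:
            continue  # no history to compare against
        baseline = statistics.median(per_day[d] for d in days[:-1])
        latest = per_day[days[-1]]
        if baseline > 0 and latest > factor * baseline:
            alerts[user] = (latest, baseline)
    return alerts


def run(lines=SAMPLE_LOG):
    auth, xfer = parse(lines)
    return failed_login_bursts(auth), transfer_surges(xfer)


if __name__ == "__main__":
    login_alerts, xfer_alerts = run()
    print("login bursts:", login_alerts)
    print("transfer surges:", xfer_alerts)
```

The per-user median baseline matters more than the exact multiplier: a fixed byte threshold would either drown in noise from users who legitimately move large files or miss a small-volume user whose activity suddenly jumps. In the exercise, these alerts are the trigger that hands off to the Step 3 response actions.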