President of Univention North America, making sure you stay in control of your data, your company and your future.

Since the end of 2023, the U.S. Navy has been battling missiles and drones fired from Yemen in the Red Sea. With the importance of autonomous ammunition increasing in naval conflicts, the military sees this as an excellent opportunity to refine its training and strategies to counter future threats.

While none of us have to deal with smart (and not-so-smart) missiles endangering military and commercial vessels, every organization and its IT department are facing a type of asymmetrical warfare that bears some similarities. Rapid advances in AI and the ever-increasing volume and sophistication of cyberattacks present an ongoing, almost incessant threat. Ignoring this threat means your organization might take a direct hit with devastating economic, albeit not lethal, consequences. And just like the Navy, we can use feedback loops, post-mortem analysis, and adaptive training as significant opportunities to grow our cyber resilience.

Let’s get a better sense of the advantages and disadvantages of feedback loops and how you can get started using them to improve cybersecurity inside your organization.

Keeping It Real: The Advantages Of Feedback Loops

Feedback loops, as a method to improve your game with the help of training data from actual events, have several advantages. The most significant one is the psychological impact. Telling yourself that “Our organization or a similar organization is facing this threat right now” is significantly more motivating than any hypothetical scenario. Current events appeal to our minds and therefore will keep us more engaged than fictitious or even historical scenarios.

Actual incidents, even if defensive actions failed, can still provide a host of data to find problems in the response. Were actions taken too slowly or too fast? Did we not consider systems or operations that were impacted? Did notification chains work?

The painful gaps between well-intentioned plans and reality will quickly be unmasked by the stressful experience of an emergency.

Blindsided: Feedback Loop Disadvantages

But as always with IT or cybersecurity, it’s not that easy. Dealing with current threats can quickly become a disadvantage, too, as these scenarios will usually leave out emerging issues that are not yet widespread.

While the Defense community has multiple research agencies such as DARPA to think about and proactively address future problems, most IT departments need to make do with the resources and insights they have available internally. As a result, it becomes more difficult and important for an organization to watch emerging technologies and changing landscapes.

Another thing to remember is that adaptive exercises need time and resources to be fully executed. While tabletop training or training modules can reduce the strain, they also reduce the efficiency compared to working on a copy of the production system.

Lastly, such a fire drill might not help a business find better alternatives as past actions heavily influence them. For example, if the IT department was responsible for incident communications to customers, repeating the exercise will deepen the behavior. It might not turn up the question of whether marketing isn’t better equipped to deal with the communication aspect of an incident.

Risk And Repeat: How To Get Started

Feedback loops need to start with an event. Your IT department might have a list of recent incidents and post-mortems, or your network of IT managers might be willing to share theirs. As a last resort, some commercial providers sell detailed incident data and training kits.

Once you have the data, the first step is to break the incidents down into reasonable chunks and actions. With data from outside your organization, you might need to adapt some of that data to fit your production environment. However, you should ensure that the basic narrative behind these incidents doesn’t change.

Now, it’s time to do the first simulation. Let your team handle the data, look at the parts, and discuss the steps needed to handle such an incident. Try to encourage creative solutions. Look for ways to automate cybersecurity and the broader IT system to reduce the load on users and administrators. Find ways to remove complexity and determine whether or not there are jobs that IT can and should offload to other departments. Finally, document the procedures so anyone can look at them.

Once you and your team are happy with the results, take another incident and repeat the process. Each time, you are further refining the responses and learning opportunities.

When you think your team is ready, you can bring in a cybersecurity consultant to act as the red team—the one causing a new but controlled incident in your IT system. Depending on the team’s stress factors and loads, you can do it on a separate copy or the production system.

Both have their advantages and disadvantages and require preparation.

Once complete, return to the analysis and start the whole cycle over.

Never Done: Bank On Continuous Improvement

While there is no perfection when dealing with cybersecurity, practice will help you improve your position. It also helps to develop routines that will reduce stress and allow clearer heads to prevail. If nothing else, a change in how we approach incident evaluations and lessons learned can help employees in the IT department feel more engaged.

To date, no missile or drone in the Red Sea has hit a U.S. Navy vessel. While funding and technology play their part, training is the most crucial aspect in keeping the sailors and officers safe. The same is true for keeping our businesses protected from cyberattacks.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.