Importance of holistic corporate simulated attack scenarios

Issue 4 2023 Editor's Choice, Information Security

As cyberthreats relentlessly grow in sophistication, cybersecurity programmes need to adopt a more holistic approach that encompasses simulated attack scenarios beyond just technology, according to Armand Kruger, Head of Cyber Security at NEC XON Systems.

Armand Kruger.

Why? Because the impact of cybercrime goes beyond IT. Cybercrime’s annual impact on SA is estimated at R2,2 billion according to a recent statement by Billy Petzer, Research Group Leader: Cybersecurity Systems, at the Council for Scientific and Industrial Research (CSIR).

Kruger points out that cyberattacks affect business processes, not just IT software and infrastructure. Current corporate cyberattack simulations often focus solely on technical aspects, leaving a significant gap in preparedness. By integrating business leaders into planning and thinking, holistic scenarios enable organisations to consider implications beyond technology, ultimately enhancing their cybersecurity readiness,” Kruger says.

"I was recently in an incident response scenario where the company was infiltrated by ransom operators," recounts Kruger. "Through an open executive discussion in the boardroom, we were able to comfortably communicate in business language and explore 'what if' scenarios. This natural environment allowed executives to discover the implications for themselves, leading to improved executive buy-in and a better understanding of the necessary cybersecurity budget and resource allocation."

“NEC XON Systems, for example, runs attack scenarios that not only delve into the tactics employed by ransomware operators but also consider the broader business context and its implications,” says Kruger. Questions such as ‘How would we react if ransomware actors attacked?’ and ‘Do all business players understand their roles in such an event?’ are crucial to building a comprehensive response strategy. The scope extends beyond IT departments, involving teams like PR and communications to address external messaging and media engagement. It is vital for cybersecurity plans to incorporate these facets and not solely focus on the technical aspects.

Procurement, the forgotten cyberattack response process

One often overlooked area in simulated attack scenarios is procurement, which plays a crucial cybersecurity role and needs mature processes in the event of an incident. To address the urgency of cybersecurity incidents, organisations should incorporate emergency spend workflows into their procurement processes, enabling quick and efficient allocation of resources within 24 hours instead of slow processes that take weeks or months.

Effective cybersecurity involves two main stages: incident response and crisis management. NEC XON Systems emphasises the importance of thorough preparation for incident response, noting that companies often neglect this critical aspect and go directly into crisis mode.

Prepare like the military

"Preparing for cyberthreats is akin to military training, where practice makes perfect," states Kruger. "Our goal is to ensure that cybersecurity teams know exactly what to do when faced with an attack."

By incorporating cyberattack scenarios into their operations, businesses can better prepare themselves in two critical areas: communication and coordination. This approach not only identifies previously unidentified security gaps and architectural flaws, but also creates a controlled environment to neutralise threats and maintain business continuity. It also helps organisations to quantify business risks and align stakeholders on appropriate response strategies.

"Businesses face cyber cartels, and through our process, executives often realise that most attacks rely on social engineering," adds Kruger. "By constantly updating and conducting drills, organisations can strengthen their cybersecurity defences and maintain a state of preparedness."

Some of the key benefits of attack scenario drills include:

• Tests the effectiveness of your current controls and safeguards: How resistant are they against cyber threat actors and risks? Validating those controls from the adversary's perspective is key to determining if the solutions are correctly configured and if they work well together to create a defensible layer.

• Identifies previously unidentified security gaps: Know what you don't know. The outcomes of the attack scenarios might highlight security gaps. This proactive approach demonstrates how gaps could be exploited, and what countermeasures can be implemented.

• Breaks down language barriers: Discussing different cyberattack scenarios with technical, management, and even business executives creates a common language. Questions like ‘If this happens, then what?’ are asked, and multiple perspectives help executives to understand the risks and the business better.

• Pinpoint architectural security design flaws: Determining if the overall architecture is designed in terms of the ability to restrict threat actors' movement and manoeuvring abilities is vital. Having a strict architecture forces the adversary into an environment that is controlled by the business and allows for easier threat prevention, detection, and response.

• Prepares the business for different cyberattacks: Businesses often face cyber breaches, and crisis management unfolds. Communication channels are broken, and incident response coordination is in complete chaos. Continuously simulating cyberattack scenarios helps organisations prepare. Cyber drills enhance technical controls, business communication, and inter-organisational coordination.

NEC XON Systems urges organisations to adopt a holistic approach and proactively address threats to stay one step ahead of cybercriminals.

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Global strength, local craft
Impro Technologies Editor's Choice
Impro Technologies is a resounding success story. Started in South Africa, the company remains true to its roots and still designs and manufactures its access control systems and solutions in the country.

Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

SA enterprises can benefit from AI-driven cybersecurity
AI & Data Analytics Information Security
Cybercrime is big business, and threat actors deploy cutting-edge tools to carry out attacks. Fortunately, cybersecurity is constantly evolving to meet and counter the threats they face.

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.

Service orientation and attention to detail
Technews Publishing Editor's Choice Risk Management & Resilience
Lianne Mc Hendry evolved from working for an accounting firm to an accomplished all-rounder familiar with the manufacturing, distribution, and system integration aspects of the security industry value chain.