Importance of holistic corporate simulated attack scenarios

Issue 4 2023 Editor's Choice, Information Security

As cyberthreats relentlessly grow in sophistication, cybersecurity programmes need to adopt a more holistic approach that encompasses simulated attack scenarios beyond just technology, according to Armand Kruger, Head of Cyber Security at NEC XON Systems.


Armand Kruger.

Why? Because the impact of cybercrime goes beyond IT. Cybercrime’s annual impact on SA is estimated at R2,2 billion according to a recent statement by Billy Petzer, Research Group Leader: Cybersecurity Systems, at the Council for Scientific and Industrial Research (CSIR).

Kruger points out that cyberattacks affect business processes, not just IT software and infrastructure. Current corporate cyberattack simulations often focus solely on technical aspects, leaving a significant gap in preparedness. By integrating business leaders into planning and thinking, holistic scenarios enable organisations to consider implications beyond technology, ultimately enhancing their cybersecurity readiness,” Kruger says.

"I was recently in an incident response scenario where the company was infiltrated by ransom operators," recounts Kruger. "Through an open executive discussion in the boardroom, we were able to comfortably communicate in business language and explore 'what if' scenarios. This natural environment allowed executives to discover the implications for themselves, leading to improved executive buy-in and a better understanding of the necessary cybersecurity budget and resource allocation."

“NEC XON Systems, for example, runs attack scenarios that not only delve into the tactics employed by ransomware operators but also consider the broader business context and its implications,” says Kruger. Questions such as ‘How would we react if ransomware actors attacked?’ and ‘Do all business players understand their roles in such an event?’ are crucial to building a comprehensive response strategy. The scope extends beyond IT departments, involving teams like PR and communications to address external messaging and media engagement. It is vital for cybersecurity plans to incorporate these facets and not solely focus on the technical aspects.

Procurement, the forgotten cyberattack response process

One often overlooked area in simulated attack scenarios is procurement, which plays a crucial cybersecurity role and needs mature processes in the event of an incident. To address the urgency of cybersecurity incidents, organisations should incorporate emergency spend workflows into their procurement processes, enabling quick and efficient allocation of resources within 24 hours instead of slow processes that take weeks or months.

Effective cybersecurity involves two main stages: incident response and crisis management. NEC XON Systems emphasises the importance of thorough preparation for incident response, noting that companies often neglect this critical aspect and go directly into crisis mode.

Prepare like the military

"Preparing for cyberthreats is akin to military training, where practice makes perfect," states Kruger. "Our goal is to ensure that cybersecurity teams know exactly what to do when faced with an attack."

By incorporating cyberattack scenarios into their operations, businesses can better prepare themselves in two critical areas: communication and coordination. This approach not only identifies previously unidentified security gaps and architectural flaws, but also creates a controlled environment to neutralise threats and maintain business continuity. It also helps organisations to quantify business risks and align stakeholders on appropriate response strategies.

"Businesses face cyber cartels, and through our process, executives often realise that most attacks rely on social engineering," adds Kruger. "By constantly updating and conducting drills, organisations can strengthen their cybersecurity defences and maintain a state of preparedness."

Some of the key benefits of attack scenario drills include:

• Tests the effectiveness of your current controls and safeguards: How resistant are they against cyber threat actors and risks? Validating those controls from the adversary's perspective is key to determining if the solutions are correctly configured and if they work well together to create a defensible layer.

• Identifies previously unidentified security gaps: Know what you don't know. The outcomes of the attack scenarios might highlight security gaps. This proactive approach demonstrates how gaps could be exploited, and what countermeasures can be implemented.

• Breaks down language barriers: Discussing different cyberattack scenarios with technical, management, and even business executives creates a common language. Questions like ‘If this happens, then what?’ are asked, and multiple perspectives help executives to understand the risks and the business better.

• Pinpoint architectural security design flaws: Determining if the overall architecture is designed in terms of the ability to restrict threat actors' movement and manoeuvring abilities is vital. Having a strict architecture forces the adversary into an environment that is controlled by the business and allows for easier threat prevention, detection, and response.

• Prepares the business for different cyberattacks: Businesses often face cyber breaches, and crisis management unfolds. Communication channels are broken, and incident response coordination is in complete chaos. Continuously simulating cyberattack scenarios helps organisations prepare. Cyber drills enhance technical controls, business communication, and inter-organisational coordination.

NEC XON Systems urges organisations to adopt a holistic approach and proactively address threats to stay one step ahead of cybercriminals.

Find out more at www.nec.xon.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.