Don’t panic! Knowledge, skill and judgment are key to cybersecurity responses

Humans are often the weak link in the cybersecurity chain, but it’s human capabilities that are also key to dealing with attacks and their aftermath, according to a new report from Immersive Labs.

The inaugural Cyber Workforce Benchmark report analyzed cyber knowledge, skills and judgment from over half a million exercises and simulations run by more than 2,100 organizations over the last 18 months.

The findings show that it takes over three months (96 days) on average to develop the knowledge, skills and judgment to defend against breaking threats. But this contrasts with the need for swift technical remediation.

The frequency of exercises to prepare for cyber issues varies widely across different sectors. Analysis of over 6,400 crisis response decisions shows that technology and financial services companies prepare the most for cyber-attacks, running nine and seven exercises per year respectively. Critical national infrastructure organizations, by contrast, prepare the least, with just one exercise per year.

A ransomware attack is the crisis scenario that causes the most uncertainty for response teams. When asked if they’d pay the ransom, 83 percent of all organizations chose not to. However, 18 percent of government crisis response teams did, despite this often being against official guidance.

Understanding how people respond in a crisis is important to managing the situation, says Rebecca McKeown, director of human sciences at Immersive Labs:

There’s a tiny part of the brain called the amygdala, and that’s the bit that’s responsible for your fight or flight reaction. So of course, you get into a crisis situation, you’ve got to act quickly, there are massive consequences and adrenaline kicks in. Therefore what happens is what we call ‘cognitive narrowing’, your brain can’t take on board everything that’s going on. It knows it’s an emergency. So it just narrows right down to focus on a certain set of points, things are relevant, and just automatically shuts out a whole load of information.

It’s not that easy to stop and take a step back because your whole body and your limbic system is telling you, you’re in fight mode. So it’s learning really how to recognize when you go into that mode, with military people it’s called being ‘left of bang’. The way that you do that is partly with regular practicing, but also it’s about the conversations that you have after that practice, because that’s where the learning is done, when things have calmed down and you can reflect on what happened.

The full report is available from the Immersive Labs site.

Photo credit: Marcos Mesa Sam Wordley / Shutterstock

Author: Martha Meyer