Security News > 2020 > August > Weak and infrequent cyber-crisis training is leaving companies vulnerable, new research says
Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in crisis were missing in cybersecurity training.
"In the first 30-minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."
Many companies overlook "The human element of the cyber equation" in crisis response exercises: Only 15% focused on stress-tests on human-cyber readiness.
"With three-quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary."
Immersive also announced the release of the Cyber Crisis Simulator, delivered through a browser, and provides a resource for consistently improving and measuring cyber awareness.