Lessons Learned: Wargaming Your Incident Response Plan

Data breaches and cyber incidents made headlines again recently with the announcement that 50 million Facebook accounts were compromised as well as the SEC’s issuance of sanctions against a dual registrant stemming from the firm’s response to phishing attacks. So it was both timely and fitting that U.S. intelligence community veteran Jeff Welgan, Executive Director and Head of Executive Training Programs at Cybervista, kicked off the Ascendant/CSS compliance conference in San Diego with an interactive workshop on incident response, “Cyber Incidents and Response: Keeping Cool in the Line of Fire.”

Joining Mr. Welgan was E.J. Yerzak, Director of Cyber IT Services at CSS, who provided context for the wargaming workshop by discussing the current cybersecurity landscape. Mr. Yerzak noted that phishing continues to be the leading attack vector as people are the biggest cyber risk and even smart people can make mistakes when it comes to security awareness. In addition, malware continues to evolve as hackers try to stay one step ahead of detection capabilities.

Since it only takes one employee to compromise a firm, testing your incident response plan with tabletop exercises and wargaming under time constraints is key to avoiding complacency and maintaining the ability to think critically during a crisis. Mr. Welgan gave each attendee a very specific role to play at a fictitious firm, placing them directly in the data breach scenario as it unfolded, and challenged attendees to step outside their comfort zones in making critical decisions quickly while balancing competing business priorities and incorporating new facts.

Attendees rose to the challenge and helped navigate their fictitious firm through its incident response and recovery efforts. And in the process, the wargaming workshop revealed some helpful takeaways for firms to consider going forward, including:

  • Paying a bitcoin ransom is generally not a good idea, but some firms do pay it if the cost-benefit analysis tilts in favor of that action
  • Cyber incidents can rapidly increase in scope and complexity as additional facts are learned
  • The costs of a cyber incident can range from financial payout (ransom) to downtime, lost productivity, forensic investigation costs, and repair and recovery costs, as noted in the SEC’s Interpretive Guidance on Cybersecurity Disclosure from Feb. 2018

Coordination of response efforts involves multiple roles and perspectives, but ultimately, someone must make a decision and be sufficiently authorized to put it in motion.

Related Content

Latest Content

Custody Concerns Continue

You timely filed your Form ADV within 90 days of fiscal year end, but did you properly answer all the questions related to custody? Not surprisingly, the Form remains confusing for many advisers, as does application of the Custody Rule itself. The SEC has issued guidance, letters to the industry, alerts and FAQs, but things … Continued

Blockchain Isn’t Hot Sauce

Guest post by Samson Williams, Partner – Axes & Eggs and Keynote Speaker – Ascendant CSS Spring 2019 Conference  I started telling people that blockchain isn’t hot sauce in mid-2017 to help explain why initial coin offerings (ICOs) were just the latest form of unregulated, online gambling. In November 2017, with Bitcoin nearing a high … Continued

The Importance of Effective ADV Disclosure: Staying Ahead of the Regulators

This ComplianceCast will discuss how firms can mitigate risk by having effective disclosure in their Form ADV Brochure. Our panelists will be CSS Ascendant Senior Consultant Ariana Monchick and Jessica Matelis, Partner at Foley & Lardner and former Senior Counsel at the SEC Division of Enforcement. They will discuss: Required disclosures The types of conflicts … Continued

Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference

The Investment Adviser Association (IAA) represents the interests of investment advisers in Washington D.C., and the IAA Investment Adviser Compliance Conference 2019 was a forum for the discussion of future potential rulemaking. Cybersecurity and Fiduciary Rule considerations were headline topics, with custody and marketing right behind. The following is a summary of key issues discussed … Continued

The Challenges of Building a Global Compliance Program

Compliance programs face challenges in balancing global requirements with local exceptions while incorporating the fast pace of regulatory change, addressing critical business needs and obtaining the necessary resources necessary to manage the program. Trends and thinking on the subject were center stage at the recent CSS London event “Looking at the Year Ahead – Global … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.