You never really know how good a plan is until you test it. In the case of a cybersecurity attack, a failure to test your plan could leave your company open to a wide assortment of harmful effects, from loss of data, damage to reputation, or even lawsuits. To help ensure the robustness of any such cybersecurity strategy, vice president of managed services at VirtualArmour Andrew Douthwaite offers recommendations for two potential approaches to testing:
- Tabletop exercises allow for working through various scenarios with all stakeholders, to check for preparedness, comprehensiveness, and potential gaps in knowledge or readiness. These scenarios can take the form of either reacting to a specific event as company representatives, or prodding the existing plan to spot holes as outsiders. The emphasis for each scenario can be changed, to shift focus between types of attacks and differing scales.
- Penetration testing involves bringing in white hat hackers to probe systems from both internal and external points to identify possible concerns, using a variety of techniques. Results of any testing should be compiled into a report identifying areas of both strength and weakness, as well as recommendations on addressing any weaknesses found.
While not the only techniques available for ensuring your cybersecurity strategy is a comprehensive one, these two approaches can help to minimize any gaps or potential exposure.
Source:
