This post is also available in: עברית (Hebrew)
Earthquakes, natural disasters, floods or snow storms, fires, cyber attacks, damaged databases. All these could happen to any organization, and it’s no secret that this type of events seriously damage business and operational continuity.
There’s isn’t any wonder cure to handle these incidents, except one: Being prepared, very well prepared. And an important part of these preparations are drills, in which various scenarios are simulated so that personnel will know how to act during emergencies.
Comsec, an IT security and risk management consulting firm, advises hundreds of organizations in Israel and around the world. Its clients include banks, financial institutions and technological organizations. Ami Braun, VP of Cyber Solutions, explained the significance of events which disrupt business continuity: “They cause damage to the system. It becomes much more difficult to serve customers, leading in turn to loss of revenue and reputation. Managing emergencies requires the formation of emergency procedures, and the best tool for that are drills and simulations. When the organization plans drills during routine operations personnel are calm and relaxed. They can suggest and prioritize responses, probable scenarios and even extreme scenarios. In this way organizations can prepare for unexpected emergencies, which are usually local or national events: Natural disasters, sabotage or cyber attacks.”
An important part of any drill is simulation, defined as imitating real-world processes over time. This gives the ability to simulate what might happen during emergencies, how to respond and how to cope.
Comsec offers a unique product, the Com Simulator, a system designed to aid organizations in practicing real-time decision making and work processes, in addition to virtual-reality business continuity and cyber attack challenges. The simulation is a multi-participant role playing game based in a dynamic and flexible environment, which allows for simulating cyber- and business continuity emergencies and later analyzing of the events. Simulations are prepared, deep and rich in detail, in order to create dynamic relations between participants.
Ami Braun added: “The goals of the simulation are to review, to make sure and to question whether various elements in the organization are indeed prepared to handle threats to business continuity, to reach new insights and to draw a proper response plan. Additional goals are: Preparing and training these elements to act and respond to events; to identify, map and define new expected events by simulating extreme situations.”
The drills themselves are similar to military drills: There’s a blue team and there’s a red team; there’s a command center and there are judges; and there are, of course, guides and participants. Who are the players in the simulation? Anyone who is close to the organization – suppliers, subsidiaries, relevant government offices, regulators, competitors, customers, the public and the media. Senior decision makers are also players, directors of finances, sales and marketing, for example.
Drills have four stages:
- Initial debrief on the day of the drill
- Extensive inquiry, drill summary
Ami Braun: “Our system of drills has its benefits, but it also has its flaws. The most significant benefits are real time control and monitoring, in addition to advanced processing and analysis capabilities. This is a platform capable of simulating dynamic events and organizational dilemmas, in addition to facilitating interaction between the players. The main flaw is long prep times. The drill itself lasts for an entire day, and may even last for up to three days. This requires a significant investment. Still, it has been proven that the benefits outweigh the flaws. The preparation, drilling and inquiry stages are the best tools we have at our disposal in order to prepare organizations for rainy days, when business and operational continuity are at risk.”