Lessons Learned: Wargaming Your Incident Response Plan

Data breaches and cyber incidents made headlines again recently with the announcement that 50 million Facebook accounts were compromised as well as the SEC’s issuance of sanctions against a dual registrant stemming from the firm’s response to phishing attacks. So it was both timely and fitting that U.S. intelligence community veteran Jeff Welgan, Executive Director and Head of Executive Training Programs at Cybervista, kicked off the CSS compliance conference in San Diego with an interactive workshop on incident response, “Cyber Incidents and Response: Keeping Cool in the Line of Fire.”

Joining Mr. Welgan was E.J. Yerzak, Director of Cyber IT Services at CSS, who provided context for the wargaming workshop by discussing the current cybersecurity landscape. Mr. Yerzak noted that phishing continues to be the leading attack vector as people are the biggest cyber risk and even smart people can make mistakes when it comes to security awareness. In addition, malware continues to evolve as hackers try to stay one step ahead of detection capabilities.

Since it only takes one employee to compromise a firm, testing your incident response plan with tabletop exercises and wargaming under time constraints is key to avoiding complacency and maintaining the ability to think critically during a crisis. Mr. Welgan gave each attendee a very specific role to play at a fictitious firm, placing them directly in the data breach scenario as it unfolded, and challenged attendees to step outside their comfort zones in making critical decisions quickly while balancing competing business priorities and incorporating new facts.

Attendees rose to the challenge and helped navigate their fictitious firm through its incident response and recovery efforts. And in the process, the wargaming workshop revealed some helpful takeaways for firms to consider going forward, including:

  • Paying a bitcoin ransom is generally not a good idea, but some firms do pay it if the cost-benefit analysis tilts in favor of that action
  • Cyber incidents can rapidly increase in scope and complexity as additional facts are learned
  • The costs of a cyber incident can range from financial payout (ransom) to downtime, lost productivity, forensic investigation costs, and repair and recovery costs, as noted in the SEC’s Interpretive Guidance on Cybersecurity Disclosure from Feb. 2018

Coordination of response efforts involves multiple roles and perspectives, but ultimately, someone must make a decision and be sufficiently authorized to put it in motion.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

Tips to Prevent an SEC OCIE Investment Adviser Exam from Going Bad

Strategies to employ when an SEC OCIE adviser exam goes bad drew a great crowd at the recent CSS Ascendant Fall Compliance Conference. Proactively pointing an exam in the right direction was a consistent theme, summarized by the familiar refrain: “There is no substitute for preparation.” A few keys to note if you find your … Continued

Giving Voice to Values: A New Approach to Ethics

The “Giving Voice to Values” program grew out of Professor Mary Gentile’s frustration of what was going on in both the financial industry and in higher education. She was frustrated and angry about the poor way that ethics was being taught in universities and applied in real-world scenarios. What developed out of her frustration is … Continued

Tips for Developing a Tailored Private Fund Compliance Calendar

As regulatory concerns proliferate and become more complex, developing and monitoring your “to-do” list becomes of paramount importance.  John Gentile, the Director of Private Fund Manager Services for Compliance Solutions Strategies and Michael Emanuel, a Partner at Stroock & Stroock & Lavan LLP provided attendees of the recent CSS 2019 Fall Conference some insight into … Continued