“Awareness” isn’t enough
Cyber security is changing. It’s no longer enough to secure your systems and simply make your people ‘aware’. They have to know what to do. Training and testing your people is the only way to get real resilience, they’re the ones who react when your perimeters are breached.
Cyberpsychology 101
How does your team react under extreme pressure? Who takes the lead, who steps back, who are the influencers, who stays quiet, who is the most knowledgeable, who is ultimately responsible?
Our processes test and train cross-functional situational awareness and help teams prepare for the worst, from the basement to the board.
Types of Resilience
Active
Developing plans and scenarios to be able to respond to any crisis, and increasing organisational resilience over time
Preparing in advance to iterate and refine contingency plans
Using prepared plans for predictable attacks
Consciously and continually learning from experiences
Passive
Relying on technological barriers as the sole means of defense for external attacks and threats
Only investing in writing contingency plans when something goes wrong
Forcing the plan to fit the situation
Returning to the status quo as soon as possible
Industry Best Practice
ISO 22301:2019 emphasises the role of exercising your incident response and business continuity plans. You need to give evidence of your ability to show continual improvement in the competency of your incident response team.
ISO defines competence as the ability to apply knowledge and skills to achieve intended results
Backed by:
Energise your incident
response team.
Change your culture.
When crisis hits, your people need to be ready. Active resilience plays a massive role in company security. By training your employees and playing out plans, you’re turning them into fire breaks that defend your entire organisation.
Incident Response Team
UK Government Organisation
The virtual scenarios were easy to immerse yourself in.
Incident Response Team
UK Government Organisation
We loved being able to work collaboratively in real time on something with colleagues. Being observed, getting an outside perspective really helped us see how our team worked together.
Business Continuity Team
UK Government Organisation
Working with people from different cyber backgrounds gave good practice. It was a useful overview of how [a cyber incident] affects other parts of the business.
Incident Response Team
UK Government Organisation
[Cyberfish] helped me understand key priorities. The first presentation made me come out of my comfort zone.
Incident Response Team
UK Government Organisation
Coming from a more technical background, understanding cyber response from a managerial standpoint was extremely useful
Incident Response Team
UK Government Organisation
Interesting and immersive way of training in a novel setting. Understanding new cases and themes was exciting. It was an engaging way to spend the day, and was managed very well.
Test your
resilience now.
Our immersive incident exercising scenarios provide comprehensive analyses of your team’s capabilities. Find out your development areas and turn them into talent.
