Proactively test and prepare security responses to cyber crisis scenarios
True cyber crisis management is a mix of people, technology and processes; organizations must ensure a robust infrastructure is matched by a workforce with proven skills and capabilities.
Check-box training and paper certifications can’t keep up with attackers. Organizations need data that proves their offensive and defensive teams understand and are prepared for the latest threats. Measuring cyber team performance in realistic environments is critical in assessing capabilities and creating muscle memory.
Mastercard’s Cyber Crisis Exercise solution simulates likely cyber crisis scenarios and threats to your organization and reveals executive and response team performance and collaboration. The lessons learned enhance cyber workforce readiness and resilience.
Measure cyber team performance
Learn from expert cyber advisors in customized workshops
- Scenarios are prepared. Mastercard’s cyber crisis management experts evaluate your organization’s threat landscape and create customized attack scenarios your organization could face.
- Teams are tested. Your workforce, from executives to incident response and security operations center (SOC) teams, goes through cyber crisis management training and is tested with scenarios run concurrently.
- You receive recommendations. You receive participant benchmarks and best-in-class recommendations specific to team and individual performance.
Benefits
Join the global payments network secured by over 50 years of cybersecurity principles
Meezan Bank in Pakistan engaged Mastercard to design and run a crisis simulation exercise for the institution’s senior management team. Mastercard’s cyber experts collaborated closely with the bank to design a likely ATM “jackpotting” and ransomware scenario, allowing the bank’s team to evaluate their ability to respond to complex attacks and restore operations. Participants in the simulation included the CEO, CFO, CRO, CTO, CISO and technical & communications teams. This exercise helped Meezan Bank practice its incident response capabilities as one team, build muscle memory for future attacks and understand potential financial, legal, operational and reputational impact for attacks of this scale.
Frequently asked questions
- What is a cybersecurity crisis?
Cybersecurity crises refer to incidents impacting the confidentiality, integrity and/or availability of one or more of an organization’s assets.
- What are examples of cyber crises?
Cyber crises tend to be attributed to human action, whether deliberate, such as cyber attacks (malware, social engineering, denial of service, etc.), or accidental, as in cases of insider negligence. However, crises can often also be caused by natural disasters such as flooding or hurricanes impacting asset availability.
- What’s included in a cyber crisis management plan?
Cyber crisis management plans are developed by organizations to manage a cyber incident before, during and after it occurs. They will generally contain elements of incident response and disaster recovery, with the aim of reducing downtime of core systems, managing the regulatory and reputational impact as quickly as possible and ensuring business continuity. At the most granular level, organizations must prepare tactical playbooks with instructions on how to handle each likely incident type.
- What is a cyber crisis exercise?
A cyber crisis exercise is essentially a live simulation of crisis scenarios organizations are likely to face. The relevant staff who would be responsible for handling cyber crisis incidents per the crisis management plan are put to the test and tasked with leveraging the technology and processes (e.g. playbooks) at their disposal to resolve the incident to the best of their ability while causing minimum impact to their organization.
- What happens during a cyber crisis exercise?
During a simulation workshop, staff access a web platform where the crisis scenario is explained, and different questions are asked pertaining to how they would act at each stage of the crisis. A set of response options is provided, to be selected by participants. Each response requires justification and leads to a new set of actions. Responses are then evaluated according to a set of performance metrics which the organization is interested in tracking. These can range from their adherence to playbooks and collaboration between different teams or team members, to how their actions impact the organization’s share value or brand reputation.
- Who are cyber crisis exercises for?
Exercises can and should include any and all staff that would in some way be involved when an organization is dealing with a cyber crisis, starting from technical teams such as SOC analysts and IT, through cybersecurity and crisis management as well as adjacent teams such as Legal and Communications, and up to strategic decision-makers such as the organization’s C-level employees. These should all be able to coordinate and collaborate effectively during a crisis, which requires practice and testing through regular exercising.
- What is a Mastercard Advisor’s role before and during the workshop?
Before an exercise workshop takes place, Mastercard’s Advisors will evaluate the organization’s threat landscape and collaborate with its cybersecurity management team in order to create a likely cyber crisis scenario and tailor it to the organization’s day-to-day operations. This ensures exercise participants build readiness and muscle memory for future incidents with a high probability of occurring, while also being tested under familiar conditions. While preparing the scenario, Advisors will rank the response options provided for each question from best to worst according to company playbooks and their own industry expertise.
During the workshop itself, Advisors will present and launch the scenario, with participants engaging through a web platform. They will observe and evaluate participant performance, relating not only to responses given at each stage of the crisis but also to collaboration with other team members and the ability to operate under stress.
- What deliverables are provided by Mastercard Advisors after the exercise?
After running the crisis exercise workshop, Mastercard’s Advisors will hold a debrief session to highlight initial key strengths and areas of improvement from the simulation. Once participant responses and performance metrics are analyzed, Advisors will provide a deliverable report containing the following:
- A country and sector-level threat landscape evaluation, showing likely attack scenarios the organization will face and spotlighting the one selected to build the exercise scenario
- Performance metrics for the exercise at the organization, team and individual participant levels, including benchmarking analysis
- Assessed impact to the organization were the crisis simulation to happen in real life, and lessons learned from how the cyber crisis was handled
- Actionable recommendations for moving forward and improving cyber resilience, through playbook enhancement best practices, creation or refinement of cyber crisis communication plans and focalized training for relevant teams or employees