Allegro CyberBastion as a platform for practicing incident response processes

Once again, we had the pleasure of working with Allegro’s cybersecurity team.

The aim of the exercises – in addition to team building and simulating advanced APT attacks – was to test the ability to coordinate activities, cooperate, and exchange information between experts from various fields: cybersecurity, information security, business resilience, IT compliance, and PR.

We decided that the following two exercise scenarios would be best suited for this purpose:

1. Cuba Ransomware – participants had the opportunity to use the platform’s new functionality, Playbooks. In addition to building a cybersecurity system, their task was to develop an optimal action plan based on the PICERL (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) model developed by the SANS Institute, which enables effective protection, detection, and response to a simulated attack.

2. Supply chain attack – teams received fragmentary intelligence about a campaign conducted by an APT group. Only when combined did this data provide a complete picture of the attackers’ activities. Participants had to decide whether to compete based solely on the information they had or to collaborate and exchange data with other teams.

The simulations confirmed that cybersecurity teams must be prepared for a situation in which an attacker breaches security and gains access to the network (assume breach). In such moments, clearly defined, coordinated, and systematic actions are crucial. Above all, they need to be tested in realistic conditions to see whether the team can operate effectively under the pressure of an incident.

The competition proved to be exciting and was a great exercise for the teams, increasing their competence. Combining people from different departments in each team made it possible to take a comprehensive look at the incidents being practiced, from several different perspectives. Because #cybersecurity is a team game.

Thank you, Allegro, for trusting us again this year! 

We invite you to cooperate with us

If your organization would like to use the CyberBastion platform in a similar or completely different scenario – focused on testing and developing the ability to build cyber resilience, coordinate actions, and respond to incidents correctly – please contact us.

Exercises carried out in CyberBastion can be based on recognized standards and regulations, such as NIS2, DORA, or GDPR, and can also be adapted to national or sectoral needs.

Together, we can prepare a simulation that will allow you to test both technical response procedures and organizational mechanisms for cooperation in crisis situations.
