First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in the face of such danger? One word: practice. And this lesson is translating to the private sector in areas you wouldn’t normally expect.

A New Type of Training for Cybersecurity

One area is in cybersecurity, where tabletop exercises have been the norm for the past decade to help teams prepare. These paper-based exercises are kind of like a table read that actors do before they film a movie or TV show. They can be dry, lacking authentic feeling or emotion.

Last year IBM introduced the world to the industry’s first commercial cyber range at IBM X-Force Command in Cambridge, Massachusetts. The facility immerses teams from all walks of a company — security, boards of directors, IT, HR, legal, communications, etc. — into a real-life cyberattack. The experience teaches the importance of leadership in crisis and the critical role of communications during an incident.

The need to practice is acute, with 2 out of 3 security professionals admitting in a recent survey that their organizations aren’t prepared to appropriately respond to a cyberattack. Some recent headline-making data breaches have shown that the response to a breach can often make it worse for the impacted company.

Take command of your security posture: Visit the IBM X-Force Command Center

Practice Makes Perfect for NBC

NBC’s Today Show was recently given exclusive access to an exercise run for 30 members of the Financial Services Information Sharing and Analysis Center (FS-ISAC). Members experienced a cyberattack on a fictitious bank and were thrown into action over several hours. See how they responded and the lessons learned.

To learn more about IBM X-Force Incident Response and Intelligence Services (IRIS), please visit the X-Force IRIS website.

More from X-Force

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today