{"id":339,"date":"2024-09-24T10:00:00","date_gmt":"2024-09-24T10:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=339"},"modified":"2024-09-24T10:00:00","modified_gmt":"2024-09-24T10:00:00","slug":"incibe-demonstrates-value-of-ransomware-simulation","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=339","title":{"rendered":"INCIBE demonstrates value of ransomware simulation"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>In Le\u00f3n last week, the\u00a0Spanish National Cybersecurity Institute (INCIBE) hosted a\u00a0live demonstration of its capabilities for detecting, mitigating, and responding to cyber incidents.<\/p>\n<p>INCIBE, which operates under the Ministry of Digital Transformation and Civil Service through the State Secretariat for Digitalization and Artificial Intelligence, invited CSO Spain to observe the high-impact simulation, which was aimed at training personnel and testing and improving the security of its information systems and digital services.<\/p>\n<p>\u201cIt is very important for every organization to be trained and educated so that when they are suffering a cyberattack they know how to act,\u201d Patricia Alonso, manager of INCIBE, told CSO Spain.<\/p>\n<p>As Alonso pointed out, it\u2019s one thing to know there are crisis procedures; it\u2019s another thing to be able to put them through their paces. \u201cWhen an incident happens, we get nervous, we don\u2019t remember, or we don\u2019t know what to do.\u00a0It is very important to be clear about the procedure to follow\u00a0and to practice it,\u201d she said.<\/p>\n<div class=\"extendedBlock-wrapper block-coreImage undefined\">\n<p class=\"imageCredit\">INCIBE.<\/p>\n<\/div>\n<p>\u201cIf a company is trained, it will have no problems knowing what to do at all times or how to communicate what has happened,\u201d she added. \u201cAnd that means, among other advantages, having a faster recovery.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Visibility exercise<\/h2>\n<p>The exercise presented\u00a0by INCIBE involved <a href=\"https:\/\/www.csoonline.com\/article\/571891\/red-vs-blue-vs-purple-teams-how-to-run-an-effective-exercise.html\">red-teaming<\/a>, in which part of the organization, the red team, plays the role of an attacker to test and help improve the security practices of those participating in the defense, the blue team.<\/p>\n<p>As cybercriminals, INCIBE\u2019s red team re-created an advanced attack and realistic crisis scenario, in which it exploited a vulnerability in INCIBE\u2019s systems and managed to launch, using intrusion techniques, a\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">ransomware\u00a0attack<\/a> on the infrastructure that supports the services managed by Incibe.<\/p>\n<p>The simulation allowed INCIBE\u2019s expert cybersecurity protection teams to test and improve the procedures used in all phases of managing a cyber incident \u2014 preparation, identification, containment, mitigation, recovery, and post-incident action.<\/p>\n<div class=\"extendedBlock-wrapper block-coreImage undefined\">\n<p>Patricia Alonso, manager of INCIBE<\/p>\n<p class=\"imageCredit\">INCIBE.<\/p>\n<\/div>\n<p>\u201cAt INCIBE we have to lead by example, and the simulation has been just that: to show how an attacked company responds, in this case ours. To do this\u00a0we have chosen\u00a0ransomware<em>,<\/em>\u00a0as it is the incident that most people are likely to be aware of at the moment; and because it is the one that most companies report to us,\u201d Alonso said.\u00a0<\/p>\n<p>\u201cWe have to be prepared for a cyberattack of this type, and what we wanted to check is whether we suffered from any type of vulnerability that could be exploited by attackers. Luckily, that was not the case. In addition, we also wanted to test our recovery and contingency systems,\u201d she added.<\/p>\n<p>For information purposes, INCIBE has offered annual simulation sessions to more than 160 strategic Spanish companies through its CyberEx program. To this end, it has provided the necessary tools to train them in responding to security incidents. This year, the institute expects 30 new companies to join this initiative, thus expanding the network of organizations prepared to face cyber threats.<\/p>\n<p>Likewise,\u00a0INCIBE stressed the importance of coordination with the competent authorities and other response teams as key elements in the detection and mitigation of cyberattacks. During the simulation, response actions, the activation of contingency services, and the recovery of services in production were demonstrated.<\/p>\n<p>\u201cOne of the aspects that we wanted to highlight with this cyber exercise was the holding of a videoconference to check that all the teams were constantly connected. Our crisis committee, in which the management committee participates, was also represented in this videoconference,\u201d Alonso said.<\/p>\n<p>\u201cAnd it is very important that they do so because they have to know what the consequences of not making investments in cybersecurity are; and, in the event that a service has been affected, this incident has to be reported to the backup center. That is why it has been so important to have the means of communication, so that citizens know what to do in the event of suffering a cyberattack,\u201d she said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In Le\u00f3n last week, the\u00a0Spanish National Cybersecurity Institute (INCIBE) hosted a\u00a0live demonstration of its capabilities for detecting, mitigating, and responding to cyber incidents. INCIBE, which operates under the Ministry of Digital Transformation and Civil Service through the State Secretariat for Digitalization and Artificial Intelligence, invited CSO Spain to observe the high-impact simulation, which was aimed [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":340,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/339"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=339"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/339\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/340"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}