Cyber Uplift

Any information security framework will fail without staff knowing how to use it. To uplift an organisation and its information security capability, the human factor is pivotal to success:

STAFF AND TRAINING
Org-wide readiness

EXERCISES AND TESTING
Conquering a crisis

DRIVING CULTURE
Positive preparedness

Exercises and Testing - The Drill

Education extends far beyond cyber risk awareness training and modules. Exercising key risk scenarios not only uplifts the capability of staff, it ultimately uplifts the organisation’s capability to confidently respond when the day finally arrives.

  • Tabletop Exercises – Our tabletop exercises, much like our cyber risk awareness training, are tailored to the specific context of your organisation. We assess your documentation and your environment, and search for weak points the same way a threat actor would. Our exercises are focused on three pillars that ensure business continuity: Preparedness, Leadership and Communication. These three pillars help organisations stay composed during a crisis, show confidence and direction, and confidently share information internally and externally to manage the expectations of all stakeholders.
  • Live Play Exercises – We also specialise in Live Play Exercises, taking realism to the next level. By confidentially collaborating with key staff, we can simulate real-world attacks and/or outages to evaluate decisions under real pressure. With careful planning and the appropriate safeguards to ensure no real losses, incident response capability matures rapidly as unknowns are resolved and techniques are fine-tuned.
  • Testing Effectiveness – Exercises are typically impact-focused and do not dig deeper into the collective controls that ensure a successful response. Testing of specific controls requires a formal control testing framework. Traditionally, most control testing frameworks determine the suitability of design, while we specialise in ensuring operational effectiveness. Control testing programs are designed to think outside the box and strain all parameters in the same way a threat actor would. We can assist organisations to perform internal testing or externally facilitate testing in the form of penetration testing or simulated attacks. This level of testing contributes to KPI data and assists organisations in determining cost versus performance.
  • Forget the Guesswork – Multifaceted exercises and testing allow your organisation to build a level of confidence previously unknown, the type of assurance leadership teams and regulators beg for. Identifying simple enhancements such as consistent language, widely known alert types and supporting lines drastically improves response time, as the support network takes confident steps at each point of a crisis.

Staff and Training - The Shield

Training modules or e-modules are the norm when it comes to training staff on cyber risks. This method of training is ineffective on its own and must be supplemented with behaviour-based cyber risk awareness training. We take pride in the quality of our cyber risk awareness training, and having worked with major entities year-on-year, have the data to back its effectiveness.

  • Contextualised Training – Working with organisations to contextualise their information environment helps us to deliver training that hits home. We focus on the day-to-day activities and educate your staff on the possible risks that easily slip under the radar.
  • Engagement Activities – During our training sessions, we involve staff and keep the content informative while maintaining an open conversation. The importance of transparency about information security risks is not well known. By making stories and experiences an open conversation, staff become more comfortable with reporting incidents and near misses.
  • Dark Web Exposure – We provide unique views into Dark Web activity, driving the conversation of why we need security. Exposure to the criminal activity that happens daily is a significant eye-opener for all staff regardless of their position. 
  • Real Unreported Stories – Given our involvement in cyber risk over the years, we are exposed to incidents that are often unreported or never see the light of media scrutiny. This provides us with a rolling index of different types of incidents that we use as examples of threat actor creativity in evading cutting-edge security. These stories also further support the importance of the human factor and how staff vigilance is crucial to aiding the technical controls that are in place.

Driving Culture - The Safety Net

With any cyber incident, the speed of reporting and responding is critical to the outcome and can have a negative domino effect if poorly executed. Driving a positive cyber risk culture inherently creates the people safety net that no technical control will ever be able to replace:

  • “No Blame” Reporting – In working with various types of industries and sizes of organisations, we sometimes come across leaders who want to test and reprimand staff for failing. This approach breeds a culture of fear and secrecy, as staff sweep incidents under the rug to ensure their employment is not at risk. From the very start, and throughout cyber risk awareness training, we encourage open conversation. The only way to beat threat actors is to share their different methods and stop the next person from falling victim.
  • Exercise and Testing Culture – Following training, our exercises and control testing methods take a human-centric approach. No incident response or control effectiveness outcome is of benefit unless the communication factor is established. By encouraging constant communication of identified weaknesses and the importance of their remediation, issues are resolved faster and organisations avoid the delays caused by the politics of presenting findings to leadership. Information security weaknesses are not punished by regulators unless an incident occurs and the weakness was hidden or neglected. All regulators encourage the identification and reporting of weaknesses and commend organisations that are transparent.
  • Data Handling Practices – Data governance is often overlooked, with no formal framework in place. Without a data governance framework, any activity relating to information could be performed in a manner that increases risk. By creating a formal data governance framework and educating staff, information can be appropriately created, modified, stored, transferred and destroyed while satisfying Australian and international privacy laws where applicable.

Would you like to know more about our Cyber Resilience services and capabilities?