It’s a nightmare scenario that is becoming all too common these days: A company gets an email from a hacker saying, “We have stolen all of your customers’ data, and we will be releasing it unless you pay us a ransom by noon tomorrow.”
What do you do?
Small telecommunications providers have a vested interest in keeping their networks safe, and the need for strong cybersecurity measures has only heightened during the COVID-19 pandemic. CyberShare: The Small Broadband Provider Information Sharing and Analysis Center (ISAC) works every day to keep networks run by small broadband providers safe by collecting and disseminating real-time threat information, indicators and mitigation strategies from a variety of public and private sources and facilitating communications among participants.
During two free sessions on December 3 and 9 due to overwhelming demand, CyberShare partnered with Booz Allen Hamilton, as well as NTCA, ACA Connects, the Competitive Carriers Association, NRECA, the Rural Wireless Association, Telcom Insurance Group, NRTC and WISPA to host Breached!, an interactive wargame exercise to simulate how to respond to a cyber-attack. More than 150 participants from small network providers spent four hours working in small groups to walk through a real-life scenario—what happens when your network is breached?
In the pretend scenario, a small telecommunications provider that has seen an “uptick in malicious cyber activity” experiences a network breach despite efforts to continually patch its systems. The company has an incident response plan and insurance, but it has never experienced a big hack. Participants worked together to answer important questions, such as: What are the greatest risks during a cyber-attack, and how do you mitigate them? What decisions are required of executives during a cyber-attack? When do you engage with outside counsel or the government? And how do you manage internal and external communications?
Participants role played different positions on a crisis management team to step into the shoes of the communications lead, the general counsel, the HR representative, the executive, the IT team, and more. Broadband providers need to be able to respond to a cyber-attack at a moment’s notice and being prepared to look at the problem from all angles is invaluable.
Breached! participants said they found the exercise extremely helpful.
“This exercise was very engaging and an eye opener for me,” said Daniel Hernandez, information security analyst at Pioneer Telephone Cooperative, Inc. (Kingfisher, Okla.) “I believe that having an example of how to properly execute a table top exercise will help our security team create a similar learning experience for our executive team and engage them in preparing our organization for the cyber-threats we face.”
NTCA members who want to continue strengthening their cybersecurity posture can join CyberShare to access threat information, indicators and mitigation strategies from a variety of public and private sources and benefit from communications with other broadband providers. Working closely with industry partners, the federal government and other stakeholders, CyberShare helps small broadband providers recognize, analyze and respond to vulnerabilities, threats and other risks. To learn more, visit www.cyber-share.org.
