CISOs Participate in Cyber War Games to Hone Ransomware Response Plans at EC-Council

The sold-out session, “CISO wargame,” included 27 senior executives from the largest managed IT service providers in the United States. The event presented the security experts with a simulated incident where an organization is hit by a ransomware attack. Participants had to work to contain the damage of the attack, which grew more complicated as the 4-hour exercise unfolded. Participants were tasked with deciding whether to pay a ransom and use ransom negotiators as well as to communicate with employees, stockholders, and the media about the breach.

The CCISO wargame, conducted by global information security certification body EC-Council as a pre-conference session at PerchyCon 2020, was inspired by the National Defense cybersecurity approaches and tactics. It encouraged participants to develop essential muscle memory to address crises, think fast, act fast, and create a commensurate response.

According to the Ninth Annual Cost of Cybercrime Study released earlier in 2019 by Accenture and the Ponemon Institute, cybercrimes are not just on the rise but are also taking more time to resolve and are becoming more expensive for organizations to recover from. The average cost of cybercrime for an organization increased $1.4 million in 2019 over the past year, to $13 million.

Despite this, there is a huge dearth of skilled Chief Information Security Officers (CISO) across the world, with LinkedIn alone listing over 70,000 unfilled CISO jobs. With this in mind, EC-Council conducted the wargaming session as a strategic tool to be used by CISOs to help forecast future scenarios holistically and help build a proactive strategy and a better reactive strategy.

“Organizations face losses of millions of dollars every year to cybercrimes. No enterprise is infallible, and even with the best security set-up in place, human error can lead to breaches,” says Jay Bavisi, President and CEO of EC-Council Group, “Wargaming can help executives appreciate ways that change not only the risk landscape but also the potential impact of specific risks and response that is needed today.”

In 2019, EC-Council’s Certified Chief Information Security Officer was added to the DoD 8140 (formerly 8570) Directive​ as a recognized certification for DoD IAM Level II​, IAM Level III​, and CSSP Manager​. It is also a recognized qualifying certification for three occupation titles representing 20 master-level job roles ​in the U.S. Navy, four occupation titles representing nine job roles in the U.S. Marine Corps, and four occupation titles representing four job roles in the U.S. Army.

The Certified Chief Information Security Officer live-classes, which are part of EC-Council’s MasterClass Executive Management Program, now have interactive sessions where the instructor will lead “wargames” that mimic what happens during a breach. This scenario-based learning encapsulates all the aspects of what the candidate learns during the week of class, reinforcing the content.

About EC-Council

EC-Council’s sole purpose is to build and refine the cybersecurity profession, globally. We help individuals, organizations, educators, and governments address global workforce problems through the development and curation of world-class Cyber Security Education programs and their corresponding certifications and provide cybersecurity services to some of the largest businesses globally. Trusted by 7 of the Fortune 10, 47 of the Fortune 100, the Department of Defense, Intelligence Community, NATO, and over 2000 of the best universities, colleges, and training institutes, our programs have proliferated through over 140 Countries and have set the bar in cybersecurity education. Best known for the Certified Ethical Hacker program, we are dedicated to equipping over 230,000 information age soldiers with the knowledge, skills, and abilities required to fight and win against their black hat adversaries. EC-Council builds individual and team/organization cyber capabilities through the Certified Ethical Hacker Program, followed by a variety of other Cyber programs including Certified Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst, Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst, Certified Incident Handler, as well as the Certified Chief Information Security Officer. We are an ANSI 17024 accredited organization and have earned recognition by the DoD under Directive 8570/8140, in the UK by the GCHQ, CREST, and a variety of other authoritative bodies that influence the entire profession. Founded in 2001, EC-Council employs over 400 people worldwide with 10 offices in the USA, UK, Malaysia, Singapore, India, and Indonesia. Our US offices are in Albuquerque, NM, and Tampa, FL
Learn more at https://www.eccouncil.org/.