We’ve all been on the phone at some point when the fire alarms go off. “Excuse me, I’ll have to call you back…” is usually the response. Then, with a minimum of fuss, we would all quietly file out of the building and congregate in a pre-designated area awaiting further instructions.

After various checks were completed, we would be informed that we were all present and accounted for, along with the time it took to complete the drill. Lessons learned would be taken away and implemented next time.

According to Sophos, 90% of breaches are from exploits and 90% of exploits are from known vulnerabilities; however, 66% of IT staff lack Incident Response skills.

The difference between a fire drill and disaster recovery in this example is that the building did not actually burn down and staff did not need to be relocated; however, in terms of Incident Response, it was critical to know how we would react in the event of alarms going off.

I would recommend that you review all of your internal procedures (not just “DR”) and, where appropriate, implement a “Cyber Security Fire Drill” schedule that actually tests your reactions to configured alerts and the scenarios that trigger them.