The U.S. and the U.K. plan to conduct cyber war-game exercises with each other later this year through a staged attack on the financial sector. The move is a first for the two countries even though simulated attacks are used often in private industry when companies concerned about becoming targets of hackers look to bolster their digital defenses. But the goals of businesses and nations differ.
“The government is more interested in infiltration and defensiveness than it is about process or remediation,” says Joe Loomis, CEO of CyberSponse.
According to Loomis, the list of things private companies test for during cyber-attack simulations includes deciding what to do first after an attack, figuring out what data should be collected, determining how people in the company will communicate and checking to see if the network is compromised.
While cyber security is a growth industry, not enough businesses are running simulations, Loomis says.
“Companies have been doing terribly because they haven’t been testing,” says Bruce Schneier, chief technology officer of Co3 Systems. “Companies are realizing that this has been a hole in their security.”
Global spending on information security is expected to grow 8 percent this year to $77 billion, according to research firm Gartner. The cost of digital crime is estimated in the hundreds of billions of dollars, according to the Center for Strategic & International Studies in Washington, D.C.