December 9, 2024

How Compliancy Group Proved Their Security Readiness with ChaosTrack

When the CEO of Compliancy Group looked at his company's cyber security readiness, he saw a problem. His team was spending hours watching security videos and taking quizzes, but he had no way to know if they could handle a real attack.

As a company that serves thousands of healthcare companies with HIPAA compliance solutions, Compliancy Group wanted to make sure that they knew with certainty that their team was ready if someone tried to breach their systems.

The Problem with Traditional Security Training

The Compliancy Group team had gone through all the usual security training approaches:

  • Mandatory security videos that put people to sleep
  • Basic multiple-choice quizzes that everyone could pass without learning
  • Annual compliance exercises that felt like box-checking

None of these answered the CEO’s key question: Would his team recognize and respond correctly to a real attack?

Running Their First Cybersecurity Fire Drill

Compliancy Group decided to test their readiness against one of the most common threats - a Google Workspace account takeover. They used ChaosTrack to simulate an attack and measure how their team would respond.

Setting up the simulation was straightforward:

  • The security team spent under an hour customizing the scenario
  • They incorporated their actual security tools and procedures
  • Employees received a link to an interactive chat-based simulation
  • Each person could complete it in 30-90 seconds between other tasks

What They Learned

The results were mostly reassuring - nearly every employee knew the basic steps to handle the attack. But the simulation uncovered several specific gaps:

  • 23% of staff tried reporting security issues to their managers instead of the security team
  • 19% used email to report the problem (which attackers could intercept)
  • 11% attempted to reboot their computers, which could destroy evidence
  • 9% wasted time trying to contact Google support directly

These findings led to eleven actionable fixes to improve their incident response process.

Next Steps: Preparing for Other Threats

After seeing clear value from their first simulation, Compliancy Group wanted to learn more about additional scenarios to test their readiness for common attacks like:

  • Ransomware attacks
  • Vendor security breaches
  • Cloud application account takeovers

The team can sleep better knowing, backed up by real data, that the team knows what to do in an attack, and they found gaps before attackers did. 

The ChaosTrack Difference

Unlike traditional security training, ChaosTrack:

  • Runs quick, engaging simulations that fit into a busy workday
  • Tests your entire organization at once
  • Shows exactly where your security response needs work

Want to measure your team's security readiness? Contact ChaosTrack for a free demo.

©2024, ChaosTrack, Inc. All Rights Reserved. Privacy Policy.