Learn from the mistakes of your “digital twin” through cybersecurity drills and testing, says Vladimir Zapolyansky, CMO at Positive Technologies.
This year has been one of the most challenging on record for most industries and exacerbated the cyber security issues organisations face. During the pandemic, businesses and governments alike made swift changes, triggering large technological advancements in online services, remote working, and video conferencing. The rapid technology advances these businesses have deployed to adapt to the unprecedented circumstances has come at a high price, causing innumerable issues for companies and many have suffered.
According to the UK’s National Cyber Security Centre (NCSC), there was a 10 percent increase in cybersecurity incidents between September 2019 and August 2020. The FBI recently reported that the number of complaints about cyberattacks to their Cyber Division has risen by as many as 4,000 a day. That represents a 400pc increase from what they were seeing pre-coronavirus. Our Q2 Cyber Threatscape report also showed that April and May 2020 were record-breaking in terms of the number of successful cyberattacks, which is likely the result of epidemiological and economic turmoil. Significant world events consistently lead to increases in cybercrime, providing fertile ground for social engineering attacks. This has presented a very important question … how ready is your business to counter certain types of attacks?
Current approach not fit for purpose
The current approach to cyber security isn’t constructive. The industry is too focused on the attacks that have already happened and weaknesses that have been exposed by criminals. This “after the fact approach” only highlights what the company has failed to do, leaving the question of what it needs to do obscure. Instead, companies should be testing the robustness of their systems before the actual attackers can strike. This is the only way to reliably claim a technology is safe before it goes live. Businesses use penetration testing to understand the posture of the security measures. However, penetration testing is always limited to the list of resources that can be hacked. But most importantly, it provides limited scenarios of offensive behaviours due to the inability to work with the real infrastructure.
Understanding real risks without real-world consequences
In real life, cyberattacks are not so predictable: attackers discover new vulnerabilities, use ransomware that is undetectable by anti-viruses, and use other unpredictable approaches. Businesses need to have a better grasp on the real risks to their business without real-world consequences. This can be achieved by utilising a so-called “digital twin” of a company’s infrastructure – replicating real systems and processes – to test and perform cyber drills.
To simulate doomsday scenarios, events that are dangerous to the company, and business risks, a cybersecurity testing area is required. A service such as this cannot be created without real business processes, attackers, defenders, and actual infrastructure. The purpose of using a cybersecurity testing area is to identify all possible ways damage can be done to a company. Large-scale cyber security drills do exist, there is the US National Security Agency Cyber Defense Exercise that has been taking place since 2001.
Another example was The Standoff testing area, which is the largest open cyber range in the world. Offensive teams spent nearly a week attacking real infrastructures in real time, while being confronted by actual cybersecurity experts that were protecting their organisations. The event featured a digital city, where real business processes were created across critical infrastructure such as transport, banking, energy, industrial, and entertainment. The opportunity this event presented has provided what is perhaps the world’s most ideal cybersecurity drill solution.
A scenario featuring several teams attacking a “digital twin”, a company’s digital model that corresponds to the real corporate infrastructure, is as close as you can get to seeing actual cyber attacking and defending without any of the repercussions.
Opportunity to innovate
Over the last decade, we’ve seen innovation develop at a rapid pace, with the promise of smart cities and automated vehicles as examples. However, it’s critical that we carefully observe these technologies due to their impact in society. To minimise the risks, it’s important to unveil what they are in an aggressive testing environment. Within this space, technologies can be evaluated in terms of usability and practical application, fault tolerance and stability, and most importantly, in terms of security. Cybersecurity testing areas will reduce the go-to-market time for new technologies by bringing them to market in a timely and safe manner, preparing their acceptance within society based on the fact that the best global experts have verified and tested them.
Cyber security testing is also a great benchmark to test the level of security a business actually has by listing out the most critical risks and losses associated with them. In a real, aggressive environment, business will be able to evaluate the current security process and resources they are deploying, and thereby determine which are actually effective.
To demonstrate their abilities, offensive teams should not just find a vulnerability and exploit it. Instead, they need to realise the risks by conducting simulated acts such as stealing money from banks, disabling energy systems, and organising a transportation collapse in a city. Until now, no cybersecurity testing area has ever done anything like this. We view this as a new and innovative approach to addressing the complex challenges of security.
