Kelly Ambriz, International Business & Market Development Manager, Government Sector, Keysight Technologies, talks about why businesses should use threat stimulation to test cyber defences and how proactive testing of cyber defences is needed to reduce risk and minimize consequential losses.
Cybersecurity is rightfully a top concern for enterprises and getting more so with all the high-profile breaches making the news. Leaders don’t want their company making the news having fallen victim to a massive ransomware attack or denial of service.
In the UAE, daily malware detections have increased by 122% since March this year and this trend exposes the critical need for cybersecurity in the region, especially for SMEs. This goes to show that cybercriminals are working overtime to develop tools and tricks that enable them to counter-fight the solutions being put in place.
So the question is: are organizations truly safe? How do we really know? Even the best cyber security products need to be properly installed, configured, and kept up to date to protect effectively – is that certain in all enterprises, especially with all the new security products coming online?
CIOs should also allocate sufficient budget and time to get their security teams fully trained on all the products the company buys. Besides, are alerts from security tools being monitored, and if they are, do the critical threats bubble up from the noise and get noticed? Have the company’s security operations procedures kept up with the ever-changing threat landscape and the new cyber security tools that the human security team relies on?
Rather than reactively responding to cyber-attacks, proactive testing of cyber defenses is needed to reduce risk and minimize consequential losses. The team needs a solution that will allow them to simulate threats safely and to see how their cyber defenses hold up. Just like an Olympic athlete needs to train repeatedly to be ready for their big competition, a security team and the security tools they use need to be given regular workouts to get them prepared for the big attack that will inevitably come.
But training needs to be done safely – a ski jumper doesn’t start off their career jumping off the biggest ramp, they practice landing into swimming pools, tuning their form in wind tunnels, working their way up to smaller jumps, and so on in ever more realistic situations. Likewise, you wouldn’t risk intentionally placing actual malware into your enterprise to see if your cyber defenses catch it. On the other hand, training needs to be realistic enough to get the security team ready to deal with actual threats once they arrive.
Threat simulation is a security workout where realistic (but harmless) threats are played out in your enterprise environment – testing and validating whether your security tools and your security teams detect and respond to the simulated cyber breaches.
In the Middle East, the Central Bank of the United Arab Emirates (CBUAE) launched a cyber-attack simulation on the UAE’s banking sector to test its resilience against cyber threats. The UAE Bank Federation (UBF) also took part in this exercise. This exercise was a part of the mandate issued by CBUAE to ensure the safety and stability of the country’s financial system.
As per the CBUAE, carrying out this cyber-attack simulation was essential to protect the UAE’s economy from the cyber threats plaguing the world. The dummy cyber-attack hit the financial institutions to help them assess their threat posture and enforce the necessary defence mechanisms.
Moreover, techniques such as a simulated ‘Dark Web’ can be used to attack an enterprise in a safe and controlled manner – and the detection and prevention capabilities of security tools and the readiness of the security teams can be proven before an actual attack occurs. Just like an athlete needs to work out regularly to be ready for competition, threat simulation can be automated to run continuously and with the latest threats to ensure cyber defenses are prepared for the ever-evolving threat landscape.
With threat simulation in place, a CIO and their security team can be reassured they’ve prepared themselves for the main event. They have a way to prove that their cyber defenses work to protect against the latest threats, rather than waiting weeks or months for attackers to try exploiting vulnerabilities.
