Written By Will Lambert
Credit - https://en.wikipedia.org/wiki/Battle_of_Britain_Bunker
In my previous blog post (The Human Element), it was discussed that Security
Awareness Training was widely accepted as the best answer to the question of
social engineers. Yes, social engineering is now, and will be for some time,
the weapon of choice within a cyber criminal’s arsenal, but it must not be
forgotten that the cyberspace domain has a wide variety of weaponry and tactics
available to adversaries.
As an organisation, you will need to prepare for all cyber artillery at an
adversary’s disposal. I will illustrate the Top Five Missions, which form the
Operation - Cyber Security Training. This Operation is essential to an
organisation in fortifying defences in advance of a cyber-attack.
1. Senior Executive / Board Level Security Training
Mission Objective: Top Brass to Champion Cyber Defence.
Similar to any military organisation, the direction of defence will be set by
the senior leadership team. Administering effective training to your top brass,
your Generals, Admirals, Air Chief Marshals, will be invaluable in strengthening
a business’s resilience to cyber-attacks. Board Level Security Training should
explain effectively to a senior management team why they need to take the
threats presented from the cyber domain seriously, showing, where appropriate,
real-life examples of how cyber-attacks disrupt business and how common tactics,
techniques and procedures (TTPs) in use by cyber attackers have had both short-
and long-term disastrous effects. Stunted business growth due to obliterated
customer trust after businesses have lost vast amounts of consumer data is just
one of the many reasons the top brass should champion cyber defence in your
organisation.
Mission Reward: By getting the correct message at the top, senior management
will allow reasonable, proportionate and effective preparatory works to bolster
your cyber stance. A leader leads by example, not by force.
2. Security Awareness Training
Mission Objective: Ready the Front-line Troops for Battle
Your users, regardless of rank or position, will need to be aware of
the risks associated with IT systems. You may well have various walls, fences,
and access controls (firewalls, email protection, ACLs) at your disposal to aid
in the defence of the realm, but battles are rarely won with perimeter defences.
The boots on the ground, those on the front-line who make decisions at the time
of attack are key in preventing the battle in the first place - effective
Security Awareness Training will aid in this critical decision-making process of
your front-line troops. Ready the troops through equipping them with the knowledge
of dangerous attack vectors and how to protect themselves, and subsequently the
business from social engineers, vishing, phishing, malware, etc. Through this
knowledge transfer, your troops will be able to prevent an attack from
realisation in the first instance. According
to Verizon's 2018 Data Breach
Investigations Report, 90% of cyber-attacks begin with phishing, but not
all troops are aware of this common attack. It will take only one soldier to
fall for a phishing email to undo all of the in situ perimeter defences.
Mission Reward: Lowered risk of successful attack through imparting
knowledge to boots on the ground of common attack vectors and how to shield
against them. Know your enemy, know his sword.
3. Secure Code Training
Mission Objective: Instil Pride and Confidence in Your Insignia
Think about any digital product you build, own, or at least place your
mark upon. Whether they be applications, websites or any other software, they
will carry your brand. Regardless of coding language, if the code from which the
digital asset is written is not secure, it could be vulnerable to attack.
Similar to aircraft or warship construction, you will need to train the
engineers who build, secure, and then lastly review the final product for
vulnerabilities. Secure Code Training will heighten the skills of developers in
recognising vulnerabilities in code, ensuring that your digital assets are resistant
to attack. The number of software vulnerabilities in code can be reduced, but
never eliminated. This is due in large part to the trade-off within the CIA Triad - the
Confidentiality, Integrity and Availability of your product will come down to
what you want your aircraft to do. Your aircraft can be tremendously stealthy,
heavily armoured, extremely fast, but not all three at the same time. Don’t
forget, as with any good adaptation of any software development methodology,
Secure Code Review by external validators must be included to provide an extra
layer of assurance. It is your insignia on these assets; if it gets shot down,
your brand will be damaged. Depending on the magnitude of the attack, perhaps
irreparably.
Mission Reward: Secured products are less vulnerable to attack, thus protecting
your brand. Prevention is better than the cure.
4. Incident Response Plan Training
Mission Objective: Develop Your Immediate Action Drills
Unfortunately, no matter what you do, some
attacks will still penetrate your defences. Immediate Action drills are used to
define what your troops, including your top brass, should do when under attack.
Cyber attackers have a wide variety of weaponry they can leverage against you.
The use of different weapons will require different responses or Immediate
Actions (IA) on your part. IAs to a Malware attack will differ from IAs in
response to a Distributed Denial of Service (DDoS) attack. Incident Responses
should be carefully considered, with a full appreciation of handling an attack
from its conception (preparation, detection and analysis), through the handling
stages (containment, eradication and recovery), to the conclusion (post
incident review, lessons learned). Your senior leadership will need to know
what role they play in handling a cyber-attack, especially with regard to
crisis communications, both internal and external to the business. When under
attack, the chain of command can be disrupted, with miscommunication across the
net running rampant. We have seen examples of this in recent months, due to the
lack of preparedness for a cyber-attack, or even underappreciation of the level
of damage a cyber-attack can inflict on a business. Collectively, these IA
drills are referred to as the Business Continuity Plan (BCP).
Mission Reward: Developed IA drills prepare a business in advance of a cyber-attack.
In times of peace, victory is paid for in sweat, courage and preparation.
5. Incident Response Testing
Mission Objective: Field Training to Test Your IA Drills
There are 6 methods you can use to field test your BCP:
1. BCP Walkthrough
The most basic form of Incident Response
plan testing. This focuses on simply reading the BCP in its entirety to ensure
it is complete. A simple sanity check to
ensure there are no fundamental shortcomings.
2. Read-Through Checklist
This tests for successful recovery. Usually performed
in conjunction with a walk-through, its aim is to ensure an organisation
can acquire the relevant resources upon which successful recovery is dependent.
3. Structured Walk-through
The structured walk-through test is usually performed with a single team; it
allows individuals who are more knowledgeable about the systems and services
targeted for recovery to be tested for deeper understanding. Any noticeable
omissions, gaps, assumptions, technical missteps, etc. that would hinder the
recovery of business systems will be unearthed.
4. Simulation Test / Walk-through Drill
A simulated disaster is posed to the team, to which they must respond and go
through the motions of recovering the business. By far the most popular version
of field training for most organisations – this type of testing requires
representatives from most, if not all, areas of the business, not just team
leaders. This field exercise is designed to stress test your BCP, linking in
other elements like the Business Recovery Plan, Disaster Recovery Plan and
Crisis Communications Plan.
5. Parallel Processing
Used in environments where transactional
data is key. Typically, this test will involve the recovery of systems at an
alternative site, by use of backups. In this type of testing, the primary site
is not affected, and end clients should not notice any difference during the
switch over which occurs as part of the BCP test.
6. Partial / Complete Business Interruption
Highest dependability test of all. This type of test involves initiating your
BCP as if your primary facility were unable to function. All business functions
will cease at the primary site, provoking the business to regroup to an
alternative site (if available), or recover systems at the primary site to BAU
standard.
Mission Reward: Fortify your BCP through exposure and remediation of weakness in
your IA drills. Most battles are won before they are fought.
Operation – Cyber Security Training - Summary
This Operation is essential for any organisation to defend,
detect, deter, and recover quickly from cyber-attacks. The training should take
the best format possible – face-to-face. This format permits students to
question and become immersed in the training, allowing maximum understanding of
the weaponry, TTPs and IAs pertinent in the domain of cybersecurity.
"It is an unfortunate fact that we can secure peace only by preparing for war."
John F Kennedy
Well done Will.