The 5 Cybersecurity Concerns You Can t Overlook

Transcription

1 The 5 Cybersecurity Concerns You Can t Overlook and how to address them 2014 SimSpace Corporation

2 The 5 Cybersecurity Concerns You Can t Overlook CONCERN 1 You don t know how good your cybersecurity team is CONCERN 2 Your security tools alone cannot stop advanced attackers CONCERN 3 You fear that adversaries are already in your network CONCERN 4 You can t train for disruptive attacks to your network CONCERN 5 You can t adequately defend what is important to your business There are two kinds of big companies in the United States. There are those who ve been hacked by the Chinese and those who don t know they ve been hacked by the Chinese. FBI Director James Comey, October 2014 In today s world, national organizations, businesses, families, and individuals are more reliant on the internet than ever before. Unfortunately, this cyber growth has been accompanied by a significant increase in the number of cyber attacks. For the moment, the wrong side is winning. It s time now to take back your network and protect your data and products. At the outset, your cybersecurity fears can be sharply reduced, if you learn how to address them. In this guide, we ll tackle 5 cybersecurity concerns and give you the tools to mitigate them. When you finish reading this guide, you can start to take action to protect your organization. 2

3 CONCERN 1 You don t know how good your cybersecurity team is You ve hired good people and verified that they have the right cybersecurity certifications. That s a great first step. But how can you tell if your team is able to stand up to today s cyber threats? According to the maxim, you are only as strong as your weakest link. In some ways this is true. Your cyber defenders have to protect your organization from an array of attacks, while hackers only need to succeed at one. If one of your links is weak, the hacker can win. But successful teamwork relies on more than strong individual links. In reality, all teams are only as strong as their ability to work together. This applies even when every team member is highly qualified, highly prepared, and highly motivated. So how do you know if your team is competent in today s cyber world? The first step is to conduct a comprehensive team assessment. SimSpace has developed a thoroughly tested evaluation methodology shaped by the National Institute of Standards and Technology (NIST) Cybersecurity Framework and based upon decades of cyber knowledge and experience. We test your team against a full array of today s attack vectors and provide comprehensive feedback on your specific strengths and weaknesses. Next, we provide organizational recommendations and offer tailored training to improve your existing team s performance. If you create a strong team, bring their skills together, and assess them to ensure that they are capable of meeting today s cyber challenge, you can significantly raise the bar for attackers and thereby mitigate future cyber breaches from happening to your organization. You must first ASSESS in order to IMPROVE your CYBERSECURITY TEAM 3

4 CONCERN 2 Your security tools alone cannot stop advanced attackers There was a time when employing tools like firewalls, anti-virus, and intrusion detection systems was all you needed to feel safe. Those days are gone. Cybersecurity companies continue to create new tools, but unfortunately, technology alone cannot counter a determined adversary; there are too many attack variants and exposed attack surfaces to keep pace with the enemy. A full security solution must include your human cyber defenders, their processes, and their tools. Security tools will help stop yesterday s attacks and perhaps raise the cost to an attacker, but without a trained team and tested processes, you cannot hope to fend off the more elusive cyber attacks. SimSpace takes a people-process-technology approach to cyber security. This means that in addition to improving technology, we aim to advance your cyber team and their defensive strategies during interactive, on-network events. SimSpace can score your team s cybersecurity posture against a live emulated adversary baseline. We can then accurately demonstrate the security impact to your organization if new tools, tactics, or even new team constructs are integrated into your network environment. This information helps your organization decide where to spend your next cyber dollar and determine how much is enough? Your cybersecurity solution must consider PEOPLE, PROCESS, and TECHNOLOGY 4

5 CONCERN 3 You fear that adversaries are already in your network In 2013 alone, Federal agents notified more than 3,000 US companies that their computer systems had been breached. The year 2014 was even worse for US companies, particularly in the retail and financial business areas. Your networks may be next or they may have been already compromised. In order to cleanse your environment or as a response measure, the SimSpace method shifts from strictly defending your network passively to actively hunting for potential cyber threats. In addition, SimSpace can be called upon to help you recover when you have been compromised. SimSpace will apply the technology and the assessment, training, and testing procedures of the Department of Defense and US Cyber Command developed by both the Massachusetts Institute of Technology Lincoln Laboratory (MIT LL) and Johns Hopkins University/Applied Physics Laboratory (JHU/APL) to your organization. SimSpace will work with your company to teach you how to pursue, remove, and restore the effects of cyber attacks. We aim not only to provide your organization with response services, but to teach your team how to protect itself. Your team needs to know how to ACTIVELY PURSUE and REMOVE attackers 5

6 CONCERN 4 You can t train for disruptive attacks to your network On the cyber battleground; your team needs to train like they fight and fight like they train. To protect your business, you need to put your cybersecurity team into an environment that challenges them as real adversaries will do and that also allows both sides to take the gloves off to exercise more realistic strategies. To simulate your particular cyber battleground, SimSpace creates a Virtual Clone Network (VCN), which is a high-fidelity copy of your company s real network. Your VCN provides you with a unique, exceptional opportunity to stress test your organization s cybersecurity practices and provide feedback toward its advancement. The value of this technique cannot be understated. It is essential that your organization be prepared for real, complex attacks from sophisticated adversaries. Using your organization s VCN, SimSpace can test your team against the full spectrum of potential threats. Your team needs to train on a VCN against a LIVE ADVERSARY 6

7 CONCERN 5 You can t adequately defend what is important to your business If you assume that an advanced threat will eventually penetrate your network perimeter or is already inside, you need to understand your cyber key terrain and develop processes to best defend what is important to your business. SimSpace teaches your cybersecurity team how to identify, monitor, and protect your cyber key terrain. Our Mission Impact Model tool helps you define all of the components that support each key business function. We work with your cybersecurity and IT team to identify the network infrastructure for each business function and then develop tactics to protect, detect, and respond to attacks. Knowing your security team s competencies and understanding your cyber key terrain risk factors will help you determine the right type and amount of cyber resources required to protect your business. Your team needs to IDENTIFY, QUANITFY, and MANAGE its cybersecurity risks 7

8 How To Address Your Concerns Now that you ve acknowledged your concerns, you can take steps to mitigate them. Here are actions you can take to significantly reduce those concerns: Provide tailored cybersecurity team training for your staff As discussed earlier, highly effective cyber defenders must operate as a team. Cybersecurity has become too complex for merely individuals or small crews. To create a robust defense against today s attackers, you need to provide cybersecurity team training. Tailored training in which your team utilizes both its security tools and processes on your organization s Virtual Clone Network (VCN) will provide more relevant feedback. In addition, SimSpace s team-based training focuses on increasing the awareness and understanding of each individual s part in forging a team that is more effective than merely a collection of individuals. Employing regular team exercises on a VCN provides the much needed onkeyboard experience necessary for these highly perishable skills. Focus on the principles behind cybersecurity technology At SimSpace, we have demonstrated that an experienced team operating with open-source products performs as good as or, at times, better than teams using leading-edge commercial products. Why? Because of their functional malleability in other words, by developing and customizing open-source security tools, they create uncertainty and difficulty for the adversary. Furthermore, SimSpace uses an open-source rucksack or fly-away kit to teach cybersecurity concepts. Shaping and working with these tools drives home a stronger, more fundamental grasp of the principles behind their cybersecurity techniques. Afterward, our defenders find that they can then work in any environment and with a broader set of tools because they have a better understanding of core cybersecurity concepts. Exercise your cyber recovery plan Just like planning for recovery from any other disaster, organizations need to be prepared for an operational failure due to a cyber attack. Working through tabletop exercises to identify who to notify and what steps to take toward recovery should enhance your company s cyber recovery plan. To proceed to the next level of preparedness, operational or technical-level exercises will allow your cybersecurity personnel to validate their cyber skills by performing under simulated cyber incident conditions against interactive, on-net threat emulators. As part of the SimSpace output, a performance report is generated that details kill-chain effectiveness and timing metrics along the three capability axes: team, tactics, and technology. 8

9 How To Address Your Concerns Understand cyber insurance for your company We know from a recent survey by the Ponemon Institute that the annual average cost per company of successful cyber attacks in 2014 increased to $20.8 million in financial services and $14.5 million in the technology sector 1. However, according to the Harvard Business Review, 60% of companies have no plans to purchase security insurance 2. Your company likely needs cyber insurance, but how much? Knowing your cybersecurity posture and taking steps to improve the protection of your cyber key terrain are all factors to consider in cyber insurance. Reduce your overall cyber risk and then consider cyber insurance to cover your diminished cyber exposure. Utilize SimSpace We want to empower your cybersecurity staff to work as a highly effective defensive team. Our unique technologies along with our accurate assessment and successful training methods, derived from many years of supporting the US military, are capable of transforming your organization s cybersecurity preparedness. We offer many solutions that can be tailored to your particular company s needs, just check out the table in this packet. If you are new to cybersecurity operational exercises, you may start by getting your team exposed to a generic or sectorspecific environment and let them take it for a spin. Every team we have worked with has said the SimSpace approach was extremely helpful and for many it was the best training ever. Alternatively, you may already realize the need for your organization s Virtual Clone Network and appreciate the value of tailored assessments, training, and testing opportunities. Act now to protect your organization s data and to take back your network. 1 Ponemon Institute, 2014 Cost of Cyber Crime Study: United States, Hewlett-Packard, October 9, Harvard Business Review, Meeting the Cyber Risk Challenge, Harvard Business School Publishing, hbr.org/hbranalytic-services,

10 Getting Started With SimSpace To make the most of your SimSpace experience, start with the following steps: 1. Identify your cyber key terrain based on your organization s mission or goals Familiarize yourself with the NIST CyberSecurity Framework Actively document all the devices, users, and software on your network Prioritize your business functions and map them to your cyber infrastructure Employ a SimSpace Mission Impact Model to understand your risk 2. Evaluate options to accurately measure your cybersecurity preparedness Review your cybersecurity staff s skills and certifications Research individual and team training options Begin with measurable steps to improve your security posture and grow with your business needs Insist on demos from other network exercise providers to understand their traffic generation capability and fidelity to their real-world counterparts 3. Attend one of SimSpace s events or demos to see what it s all about See the solutions in action Empower your cybersecurity team to lead your cyber defense; it will save you in the long run Area Features Base Standard Premium Exercises 1-Day Technical Exchanges (IPC, FPC, etc) Mission Impact Model Tailored Crew Manual Mission Essential Task Feedback Exercise Execution & Comprehensive Report Predefined environment Network Model Attacks Network configuration Sector-based environments (Financial, Power) Network customization High-fidelity, reactive virtual users Network cloning of custom business systems Standard Attacks (e.g. spear-phishing, botnets, web) Custom attacks Advanced threat emulation (0-day, hardware) Automated, persistent threat emulation Active Deception Tailored network deception solution Attacker re-hosting to deceptive network 10

11 About SimSpace SimSpace was initially formed by cybersecurity experts from the US Military, the Massachusetts Institute of Technology Lincoln Laboratory (MIT LL), and the Johns Hopkins University, Applied Physics Lab (JHU/APL). Members of the SimSpace team have spent much of the last decade focused on improving the ability to rapidly build large-scale, high-fidelity, and stable network models. They have also developed and integrated network activity replay and mission impact capabilities. In the past year, the team has also made significant strides in measuring and assessing effective team cyber defense. All of these developments have been carefully tested and validated in both small-scale experiments as well as largeforce training exercises. Finally, the technology from MIT LL is licensed and extended by the SimSpace Corporation. SimSpace was founded by William Hutchison, former Mobilization Assistant for Training, US Cyber Command, and Lee Rossey, former Group Leader in the Cyber Systems Assessment Group at MIT Lincoln Laboratory. Protect your data. Take back your network. Contact SimSpace: 11