Why Do Resilience Testing?

Here is an old story that is still funny to those of us who used floppy disks. If you do not remember them, skip to paragraph 2. There have always been funny stories about failed recoveries from cyber incidents. A dedicated client regularly took backups on disk, giving them to his system administrator and asking for them to be filed for emergencies. It was only when a failure occurred that he asked for the latest backup disk and discovered it had been filed in a ring folder, with two neat punch holes in it.

This story highlights that any resilience measure must be tested on a regular basis, and not just when shit hits the fan. A common test of a network’s resilience is Penetration Testing, or a PEN Test, a process that involves discovering security gaps and vulnerabilities within networks and applications. It is often called ethical hacking, as your network is essentially getting hacked, but without the damage a normal cyber-attack would inflict.

The PEN tester attempts to probe your infrastructure and exploit vulnerabilities with advanced tools and methodologies, just as a real hacker would. The aim is to uncover any security issues that would allow hackers access to sensitive data and systems. Reports from the PEN Test outline the issues found, enabling IT teams to fix them and improve overall business security.

In theory, a PEN test sounds great, which is why so many businesses jump to the conclusion that they need one. But there are alternatives, such as Vulnerability Assessments, which will tell you, upfront, what security is, and is not, in place. Any issues highlighted in these reports can then be addressed.

Vulnerability Assessments tend to be much more cost-effective than a PEN test. They can be run multiple times, or be set up as a scheduled scan, say each quarter, to check security posture. This makes fixing issues easier, as the work is spread out over the year, whereas with a PEN test done once or twice a year, any issues discovered need to be fixed immediately and all at once.

When considering resilience, it is critical to assess how data, including email, is backed up, and, in the event of a disaster, how quickly new systems could be brought online with all data in place and available to users. Many of the latest systems enable data to be stored in different locations and on different media types. This is often cheaper and more robust than traditional backup solutions. Testing a complete or partial restore becomes easy and non-disruptive and can be done monthly. Even testing the Disaster Recovery process is straightforward and lets an organization actually see how long it would take to restore data onto new devices. Such ‘real’ information is vital to understand, as it forms the basis of any recovery program.
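As an added example (not code from the Red Sky Alliance post), a small POSIX shell restore drill of the kind the paragraph describes: it archives constructed sample data, restores it into a fresh directory, verifies every file against a SHA-256 manifest, and reports the elapsed restore time; a deliberately truncated copy of the archive shows the drill failing, as it would have for the filed-and-punched floppy. All paths, file names and contents are constructed for the example.

```shell
#!/bin/sh
# Added example: a restore drill with an integrity manifest and a timed restore.
# Requires tar, sha256sum and mktemp (GNU coreutils / busybox).
set -u

# Create constructed sample data (a mailbox file and a small CSV "database").
make_sample_data() {
  dir="$1"
  mkdir -p "$dir/mail" "$dir/db"
  printf 'From: alice@example.test\nSubject: Q3 report\n' > "$dir/mail/0001.eml"
  printf 'id,name\n1,alice\n2,bob\n' > "$dir/db/users.csv"
}

# backup SRC ARCHIVE MANIFEST: archive SRC and record a SHA-256 manifest beside it.
# The manifest is what lets the restore be *verified*, not just "it unpacked".
backup() {
  src="$1"; archive="$2"; manifest="$3"
  tar -C "$src" -cf "$archive" .
  (cd "$src" && find . -type f | sort | xargs sha256sum) > "$manifest"
}

# restore_and_verify ARCHIVE MANIFEST DEST: unpack into a fresh DEST and check
# every file's hash; returns 0 only if all files are present and unchanged.
# The elapsed seconds are the "real" restore-time figure the DR plan needs.
restore_and_verify() {
  archive="$1"; manifest="$2"; dest="$3"
  start=$(date +%s)
  mkdir -p "$dest"
  tar -C "$dest" -xf "$archive" || return 1
  (cd "$dest" && sha256sum -c --quiet "$manifest") || return 1
  echo "restore verified in $(( $(date +%s) - start ))s"
}

# Full drill: back up, restore into a new directory, verify. Returns 0 on success.
run_restore_drill() {
  work=$(mktemp -d)
  make_sample_data "$work/live"
  backup "$work/live" "$work/backup.tar" "$work/backup.sha256"
  restore_and_verify "$work/backup.tar" "$work/backup.sha256" "$work/restored"
}

# Negative drill: a damaged backup must be *detected*, not silently accepted.
run_corrupted_drill() {
  work=$(mktemp -d)
  make_sample_data "$work/live"
  backup "$work/live" "$work/backup.tar" "$work/backup.sha256"
  # Constructed damage: keep only the first KiB of the archive, as a bad copy would.
  head -c 1024 "$work/backup.tar" > "$work/damaged.tar"
  restore_and_verify "$work/damaged.tar" "$work/backup.sha256" "$work/restored"
}
```

Run `run_restore_drill` on a schedule against the real backup set and alert when it returns non-zero; the negative drill is worth keeping so the check itself is known to fail when it should.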

Networks are not the only things that can be tested for resilience; it also applies to endpoints and applications, using breach simulation tools known as Breach & Attack Simulation (BAS) technology. A BAS service is fully automated and launches attacks on selected services such as email and web, along with phishing campaigns, supply chain attacks and ransomware, across the full cyber kill-chain. These attacks are fully customizable in an open framework with a comprehensive repository of assessments and executions gathered from numerous real attacks, which allows real-life situations to be explored in any environment.

Once the simulation has been completed, the current exposure, attackable vulnerabilities, misconfigurations, and security gaps are shown. Thereafter, security performance can be measured and tracked with a risk score based on proven methodologies, including NIST, CVSS V3 and Microsoft DREAD. This intelligence is vital in order to understand progress in protecting the network and data, and it can also be a valuable report to share with the Board to confirm the data security investment.

A new area of real-time resilience testing and monitoring has formed under the term ‘Security Performance Management’ (SPM) tools. These systems enable risk leaders to measure the performance of their cybersecurity program and align investments and actions with the highest measurable impact over time. With security ratings correlated to data breaches and financial performance, security professionals can efficiently allocate resources to the most critical areas of cyber risk within their organization and facilitate data-driven conversations around cyber security among key stakeholders, the C-suite and the Board of Directors.

SPM systems provide tools for tracking and improving a security program’s performance over time. Through broad measurement, continuous monitoring, and detailed planning and forecasting, they provide continuous visibility into the expanding digital footprint, enabling streamlined operations for reducing cyber risk and driving accountability for security outcomes.

The cost of a data breach is well documented, but not every data outage is down to a cyberattack; many are due to human error or simply forgetting to renew a machine ID certificate. Therefore, ongoing testing and automated scanning to detect out-of-date software, certificates, or operating systems is key to maintaining a solid security position. Testing in a controlled way within a given timeframe also takes away the stress should something go wrong, and provides time to reflect on results and plan an appropriate way to deal with them. This ensures that investments in security controls are efficient and effective.

A preventative approach is always going to be the most effective in terms of cost and security. But if you do not know whether your protection is working, you could be drawn into a false sense of security and only realize your weaknesses when you are breached, when it is already too late.

See: https://redskyalliance.org/xindustry/news-flash-it-costs-less-to-prevent-a-cyber-attack-than-to-pay-fo

While you are considering your testing resiliency plan, what should your team be doing right now?

Red Sky Alliance recommends the following:

  • All data in transmission and at rest should be encrypted.
  • Proper data backup and off-site storage policies should be adopted and followed. Do you have hot backup servers at another location?
  • Engage a database security firm and review all locations and access points. Monitor and update access and access levels. Does everyone need access to everything, all of the time?
  • Implement two-factor authentication company-wide.
  • For USA companies, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org
  • Join an industry ISAC or ISAO that welcomes and allows cyber threat sharing and defense strategies; some of these are free or charge a nominal annual membership fee.
  • Update disaster recovery plans and emergency procedures with cyber threat recovery plans. And test them.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Recommend/require cyber security software, services and devices to be used by all at-home working employees and consultants. And require IT team review and approval of all software and devices; set some standards.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Dark web investigations: is your network access already for sale? What is the sales value of the data you are storing to buyers on the dark web? Are you an attractive target?
  • Ensure that all software updates and patches are installed immediately. No exceptions.
  • Engage the services of a company that can inform you of targeted cyber threats against your organization and that has the capability to feed these threat IPs into your SIEM daily for blacklisting.
  • Purchase cyber insurance coverage if you can find an affordable policy.
  • If you are presented with a ransom demand, remember the cyber actor may have already checked out the coverage amounts of your insurance and will demand the total amount or more. Do not open the demand email immediately, as the time clock for payment will begin.

Consider and implement these recommendations now, before a breach or ransomware demand arrives while your plans and tests are still incomplete.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offers pro-active solutions to protect your networks. Cyber intelligence is a needed key for your over-all cyber security. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com


Weekly Cyber Intelligence Briefings:


https://www.redskyalliance.org/
https://www.wapacklabs.com/
https://www.linkedin.com/company/64265941 
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516