Post-Breach and Attack Simulation: Next Steps for Your Organization
The latest cybersecurity report published by Accenture revealed that the incident volume of cyber-attacks has increased by 125 percent year-on-year. What’s more worrisome is that this increase does not discriminate: it has been observed across all industries and countries.
Some of the most common methods of attack, according to the report, were ransomware, extortion, and intrusions in the supply chain.
It is apparent that cybersecurity is going to be a crucial concern for all industries moving forward. All companies need to be aware of their security posture and determine if their infrastructure is secure enough to withstand attacks.
As organizations try to get one step ahead of cybercriminals, different security validation methods have risen in popularity. The most robust security validation method at the moment is breach and attack simulation (BAS), and its implementation has increased the resilience of many companies. BAS runs continuous, automated, simulated attacks against the organization’s IT infrastructure. It essentially mimics the attacks of cybercriminals, drawing on the extensive MITRE ATT&CK database, a well-known knowledge base that catalogs the adversary tactics used by cybercriminals.
Because breach and attack simulation is so effective at revealing security vulnerabilities in the network, it has become one of the most preferred ways of assessing an organization’s security. In fact, it is estimated that by 2027 the global breach and attack simulation market will grow 37.8 percent compared to 2018 figures, with revenue of at least $1.68 billion.
What comes after BAS?
But what comes after breach and attack simulation? After the initial tests, the BAS platform generates a report listing all the security vulnerabilities identified during the test, along with suggested solutions. Moving forward, the organization can do a number of things with that information.
The report generated by your BAS efforts is invaluable because of the information it provides to the cybersecurity team. The cybersecurity team now needs to pore over the report and evaluate the vulnerabilities. As a best practice, the team will assign threat levels for these vulnerabilities.
Tackling the vulnerabilities
Once the vulnerabilities have been evaluated, the team needs to categorize them. Not everything in the report needs to be addressed right away. Depending on the size of the department, some vulnerabilities will need to be prioritized, while others will be fixed at a later time.
The vulnerabilities that present the worst level of risk will be completely fixed or patched. Others will be treated with mitigating solutions, ones that lessen the possibility of the vulnerability being exploited by malicious actors.
Some vulnerabilities are left unfixed: those considered extremely low risk, those whose cost to fix is unjustifiable compared to the level of risk, and those that are essentially needed because fixing them would cause more problems (e.g. open ports needed for employees to access the network remotely).
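The triage described above, sketched as an added example (it is not from the original article or from any BAS product). The threat levels, cost scores, thresholds, team capacity and the sample findings are all constructed assumptions; only the three outcomes (fix, mitigate, leave unfixed) come from the text.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    name: str
    technique: str            # MITRE ATT&CK technique ID
    threat_level: int         # 1 (low) to 5 (critical), assigned by the team
    fix_cost: int             # relative effort to fully fix, 1 to 5
    business_required: bool = False  # fixing would break something the business needs

# Constructed sample findings; not output from any real BAS product.
FINDINGS = [
    Finding("Phishing payload reached inbox", "T1566", 5, 2),
    Finding("Remote-access port open for staff", "T1133", 3, 4, business_required=True),
    Finding("SMB lateral movement between workstations", "T1021.002", 4, 3),
    Finding("Local admin password reused", "T1078", 4, 4),
    Finding("Drive-by download not blocked", "T1189", 3, 2),
    Finding("Service banner on print server", "T1046", 1, 3),
    Finding("Sniffable legacy protocol on lab VLAN", "T1040", 2, 5),
]

def triage(findings, capacity=2):
    """Map each finding name to 'fix', 'mitigate' or 'accept'.

    capacity: number of full fixes the team can take on in this cycle (assumption).
    """
    plan, actionable = {}, []
    for f in findings:
        low_risk = f.threat_level <= 1
        cost_unjustified = f.fix_cost - f.threat_level >= 3  # assumed threshold
        if f.business_required or low_risk or cost_unjustified:
            plan[f.name] = "accept"      # left unfixed, but recorded
        else:
            actionable.append(f)
    # Worst first; cheaper fixes break ties.
    actionable.sort(key=lambda f: (-f.threat_level, f.fix_cost))
    for rank, f in enumerate(actionable):
        fix_now = f.threat_level >= 4 and rank < capacity
        plan[f.name] = "fix" if fix_now else "mitigate"
    return plan

if __name__ == "__main__":
    for name, action in triage(FINDINGS).items():
        print(f"{action:8} {name}")
```

High-severity findings that exceed the team's capacity fall back to "mitigate" for this cycle, which matches the text's point that some fixes are deferred depending on department size.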
Teams will also need to devise security protocols that are informed by the data in the BAS report. In many organizations, security protocols are created with a generalized view of security implementation and do not address specific vulnerabilities. In robust organizations, cybersecurity teams will often write vulnerability-specific protocols (for example, for phishing vulnerabilities) and create policies around them.
It has become increasingly common to provide comprehensive security policies that are implemented in cooperation with employees. Because of the COVID-19 pandemic, a vast number of organizations all over the world have implemented hybrid work or work-at-home arrangements. This has left employees working remotely as a possible gateway for accessing the organization’s network.
Cybersecurity teams are aware of this. Coupled with the insights gained from the BAS report, they now disseminate security policies that educate employees about the dangers the organization is facing and institute security steps that help ensure employees’ access to the network is secure, wherever they are.
Aligning with the C-suite
For many organizations, the common practice is to present a generalized recommendation of suggested security protocols and implementations to the C-suite. But this is a potential lost opportunity.
Cybersecurity is often not prioritized because the C-suite is not involved in the security process except at the very last step. This leads to miscommunication between both parties: the C-suite does not totally understand the depth and breadth of the impact of cybersecurity breaches, and the cybersecurity team does not fully grasp the limitations the C-suite faces when assessing the organization from an operational and financial perspective.
The C-suite and the cybersecurity team should build a culture where there is a true dialogue between the two and foster a collaborative environment. The cybersecurity team should take it upon themselves to provide the C-suite with information that will help the latter to fully appreciate the effects of cybersecurity breaches in an organization.
Most of the resistance from the C-suite comes from not fully understanding what the cybersecurity team does and the real value in what they do. With an average lost revenue of about $3.86 million for each data breach, C-level executives should realize that cybersecurity is not a cost center but a team that can help prevent an expensive disaster from happening. By creating a synergy between the two parties, the value of the BAS report becomes exponentially greater.
The security of the organization should be a cause for major concern. Implementing breach and attack simulation tests will enhance the security posture of the organization, especially if the organization uses that information to follow a process that plugs these vulnerabilities. But an important step in the post-BAS procedures is involving the C-suite so that they can champion the efforts of the cybersecurity team.