How Good Is Your Resilience Testing?

There have always been funny stories about failed recoveries from cyber incidents. One I remember was back in the days of the floppy disk: the client regularly took backups on disk, giving them to his administrator and asking for them to be filed. It was only when a failure occurred that he asked for the latest backup disk and discovered it had been filed in a ring folder, with two neat punch holes in it!

This story highlights that any resilience measure must be tested on a regular basis, and not just when the ‘stuff’ has hit the fan.

A common test of a network’s resilience is Penetration Testing, or a PEN Test, which is a process that involves discovering security gaps and vulnerabilities within networks and applications. It is often called ethical hacking, as your network is essentially getting hacked but without causing the damage a normal cyber-attack would inflict.
The PEN tester attempts to probe your infrastructure and exploit vulnerabilities with advanced tools and methodologies, just as a real hacker would. The aim is to uncover any security issues that allow hackers access to sensitive data and systems. Reports from the PEN Test outline the issues, enabling IT teams to fix them and improve overall business security.

In theory, a PEN test sounds great, which is why so many businesses jump to the conclusion that they need one. But there are alternatives, such as Vulnerability Assessments, which will tell you, upfront, what security is, and is not, in place. From these reports any highlighted issues can be confronted. 

Vulnerability Assessments - Cost Effective

Vulnerability Assessments tend to be much more cost-effective than a PEN test. They can be run multiple times or be set for a scheduled scan, say each quarter, to check security posture. This makes fixing issues easier as the work is spread out over the year, whereas a PEN test, done once or twice a year, means any issues discovered need to be fixed immediately and together.

When considering resilience, it is critical to assess how data, including emails, are backed up or, in the event of a disaster, how quickly new systems could be brought online, with all data in place and available to users. Many of the latest systems enable data to be stored in different locations and media types. This is often cheaper and more robust than traditional backup solutions. The ability to test a complete or partial restore is made easy and non-disruptive and can be done monthly. Even testing the Disaster Recovery process is straightforward and can enable an organisation to actually see how long it would take to restore data onto new devices. Such ‘real’ information is vital to understand as it forms the basis of any recovery programme.
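A restore drill of the kind described above, as an added example that is not part of the original article: it restores a backup archive into a scratch directory, checks every file against a SHA-256 manifest taken at backup time, and times the run against a recovery target. The function names, the zip format and the 60-second target are assumptions for illustration.

```python
import hashlib, tempfile, time, zipfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source_dir, archive_path):
    """Archive source_dir; return a manifest {relative path: sha256}."""
    source_dir, manifest = Path(source_dir), {}
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(source_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source_dir).as_posix()
                zf.write(p, arcname=rel)
                manifest[rel] = sha256_file(p)
    return manifest

def restore_drill(archive_path, manifest, rto_seconds):
    """Restore into a scratch directory, verify every file, time the run."""
    started, problems = time.monotonic(), []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with zipfile.ZipFile(archive_path) as zf:
                zf.extractall(scratch)
        except (zipfile.BadZipFile, OSError) as exc:
            problems.append(f"archive unreadable: {exc}")
        else:
            for rel, digest in manifest.items():
                restored = Path(scratch, rel)
                if not restored.is_file():
                    problems.append(f"missing: {rel}")
                elif sha256_file(restored) != digest:
                    problems.append(f"corrupt: {rel}")
    elapsed = time.monotonic() - started
    return {"ok": not problems and elapsed <= rto_seconds, "elapsed": elapsed, "problems": problems}

def demo():
    """Constructed sample data: one good backup and one damaged copy of it."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (src / "inbox.mbox").write_text("From: a@example.test\n\nhello\n")
        good, damaged = Path(work, "backup.zip"), Path(work, "damaged.zip")
        manifest = make_backup(src, good)
        damaged.write_bytes(good.read_bytes()[: good.stat().st_size // 2])
        return restore_drill(good, manifest, 60), restore_drill(damaged, manifest, 60)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The damaged copy stands in for the hole-punched floppy: the backup job reported success, and only the restore attempt shows that the media cannot be read.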
 
Networks are not alone in being testable for resilience; the same applies to endpoints and applications, using breach simulation tools known as Breach & Attack Simulation (BAS) technology.

BAS Technology   

A BAS service is fully automated and launches attacks on selected services such as email, web, phishing campaigns, supply chain attacks and ransomware across the full cyber kill-chain. These attacks are fully customisable in an open framework with the most comprehensive repository of assessments and executions gathered from numerous attacks, which allow real-life situations to be explored in any environment.

Once the simulation has been completed, the current exposure, attackable vulnerabilities, misconfigurations, and security gaps are shown. Thereafter, security performance can be measured and tracked with a risk score based on proven methodologies, including NIST, CVSS V3 and Microsoft DREAD. This intelligence is vital for understanding progress in protecting the network and data, and can also be a valuable report to share with The Board to confirm the data security investment.

Arrival of Security Performance Management

A new area of real-time resilience testing and monitoring has formed under the term ‘Security Performance Management’ (SMP) tools. These systems enable risk leaders to measure the performance of their cybersecurity programme and align investments and actions with the highest measurable impact over time. With security ratings correlated to data breaches and financial performance, security professionals can efficiently allocate resources to the most critical areas of cyber risk within their organisation and facilitate data-driven conversations around cyber security among key stakeholders and The Board.
 
SMP systems provide tools for tracking and improving a security programme's performance over time. Through broad measurement, continuous monitoring, and detailed planning and forecasting, they enable continuous visibility into the expanding digital footprint, enabling streamlined operations for reducing cyber risk and driving accountability for security outcomes.
 
The cost of a data breach is well documented, but not all data outages are down to a cyber attack; many are due to human error or simply forgetting to renew a machine ID certificate. Therefore, ongoing testing and automated scanning to detect out-of-date software, certificates or operating systems is key to maintaining a solid security position. Testing in a controlled way within a given timeframe also takes away the stress, should something go wrong, and provides time to reflect on results and plan an appropriate way to deal with them. This ensures that investments in security controls are efficient and effective.
 
At the end of the day, a preventative approach is always going to be the most effective in terms of cost and security. But, if you do not know if your protection is working, you could be drawn into a false sense of security and only realise your weaknesses when you are breached - not a good place to be. 

Whatever security solutions are in place, ensure they are tested for effectiveness in a calm and controlled manner. You will sleep better, trust me!

Colin Tankard is Managing Director of Digital Pathways
