How Good Is Your Resilience Testing?

Uploaded on 2021-12-08 in TECHNOLOGY--Resilience, FREE TO VIEW

There have always been funny stories about failed recoveries from cyber incidents. One I remember, was back in the days of the floppy disk; the client regularly took backups on disk, giving them to his administrator and asking for them to be filed. It was only when a failure occurred that he asked for the latest backup disk and discovered it had been filed in a ring folder, with two neat punch holes in it!

This story highlights that any resilience measure must be tested on a regular basis, and not just when the ‘stuff’ has hit the fan.

A common test of a network’s resilience is Penetration Testing, or a PEN Test, which is a process that involves discovering security gaps and vulnerabilities within networks and applications. It is often called ethical hacking, as your network is essentially getting hacked but without causing the damage a normal cyber-attack would inflict.
The PEN tester attempts to probe your infrastructure and exploit vulnerabilities with advanced tools and methodologies, just like a real hacker would do. The aim is to uncover any security issues that allow hackers access to sensitive data and systems. Reports from the PEN Test, outline issues enabling IT teams to fix them and improve overall business security.

In theory, a PEN test sounds great, which is why so many businesses jump to the conclusion that they need one. But there are alternatives, such as Vulnerability Assessments, which will tell you, upfront, what security is, and is not, in place. From these reports any highlighted issues can be confronted. 

Vulnerability Assessments - Cost Effective

Vulnerability Assessments tend to be much more cost-effective than a PEN test. They can be run multiple times or, be set for a scheduled scan, say each quarter, to check security posture. This makes fixing issues easier as the work is spread out over the year, whereas a PEN test, done once or twice a year, means any issues discovered need to be fixed immediately and together.

When considering resilience, it is critical to assess how data, including emails, are backed up or, in the event of a disaster, how quickly new systems could be brought online, with all data in place and available to users. Many of the latest systems enable data to be stored in different locations and media types. This is often cheaper and more robust than traditional backup solutions. The ability to test a complete or partial restore is made easy and non-disruptive and can be done monthly. Even testing the Disaster Recovery process is straightforward and can enable an organisation to actually see how long it would take to restore data onto new devices. Such ‘real’ information is vital to understand as it forms the basis of any recovery programme.
 
Networks are not alone in being able to be tested for resilience, it also applies to endpoints and applications, using breach simulation tools known as Breach & Attack Simulation (BAS) technology.

BAS Technology   

A BAS service is fully automated and launches attacks on selected services such as email, web, phishing campaigns, supply chain attacks and ransomware across the full cyber kill-chain. These attacks are fully customisable in an open framework with the most comprehensive repository of assessments and executions gathered from numerous attacks, which allow real-life situations to be explored in any environment.

Once the simulation has been completed, the current exposure, attackable vulnerabilities, misconfigurations, and security gaps are shown. Thereafter, security performance with a risk-score, based on proven methodologies, including NIST, CVSS V3 and Microsoft DREAD can be measured and track ed. This intelligence is vital in order to understand progress in protecting the network and data and can also be a valuable report to share with The Board, to confirm the data security investment.

Arrival of Security Performance Management

 A new area of real-time resilience testing and monitoring has formed under the term ‘Security Performance Management’ (SMP) tools. These systems enable risk leaders to measure the performance of their cybersecurity programme and align investments and actions with the highest measurable impact over time. With security ratings correlated to data breaches and financial performance, security professionals can efficiently allocate resources on the most critical areas of cyber risk within their organisation and facilitate data-driven conversations around cyber security among key stakeholders and, The Board.
 
SMP systems provide tools for tracking and improving a security programmes performance over time. Through broad measurement, continuous monitoring, and detailed planning and forecasting, they enable continuous visibility into the expanding digital footprint, enabling streamlined operations for reducing cyber risk and driving accountability for security outcomes.
 
The cost of a data breach is well documented, but not all data outage is down to a cyber attack, many are due to human error or simply forgetting to renew a machine ID certificate. Therefore, on-going testing and automated scanning, to detect out of date software, certificates, or operating systems, is key to maintaining a solid security position. Testing in a controlled way within a given timeframe also takes away the stress, should something go wrong, and provides time to reflect on results and plan an appropriate way to deal with them. This ensures that investments in security controls are efficient and effective.
 
At the end of the day, a preventative approach is always going to be the most effective in terms of cost and security. But, if you do not know if your protection is working, you could be drawn into a false sense of security and only realise your weaknesses when you are breached - not a good place to be. 

Whatever security solutions are in place, ensure they are tested for effectiveness in a calm and controlled manner, you will sleep better, trust me!

Colin Tankard is Managing Director of  Digital Pathways

You Might Also Read: 

Data Is Your Most Valuable Asset. How Are You Protecting Yours?:

 

« Amazon Cloud Outage Affects Major Customers
Cyber Security In 2022 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

it-sa 365

it-sa 365

it-sa 365 is a digital platform for connecting IT security vendors and experts with those who bear responsibility for IT security in management and technology.

Echelon

Echelon

Echelon Company is a provider of information security services specializing in certification of security software and hardware products in Russia.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

SQN Banking Systems

SQN Banking Systems

SQN Banking Systems fraud detection software products are a critical step towards overcoming the growing problem of fraud across the various payment channels.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.