How Good Is Your Resilience Testing?

Uploaded on 2021-12-08 in TECHNOLOGY--Resilience, FREE TO VIEW

There have always been funny stories about failed recoveries from cyber incidents. One I remember, was back in the days of the floppy disk; the client regularly took backups on disk, giving them to his administrator and asking for them to be filed. It was only when a failure occurred that he asked for the latest backup disk and discovered it had been filed in a ring folder, with two neat punch holes in it!

This story highlights that any resilience measure must be tested on a regular basis, and not just when the ‘stuff’ has hit the fan.

A common test of a network’s resilience is Penetration Testing, or a PEN Test, which is a process that involves discovering security gaps and vulnerabilities within networks and applications. It is often called ethical hacking, as your network is essentially getting hacked but without causing the damage a normal cyber-attack would inflict.
The PEN tester attempts to probe your infrastructure and exploit vulnerabilities with advanced tools and methodologies, just like a real hacker would do. The aim is to uncover any security issues that allow hackers access to sensitive data and systems. Reports from the PEN Test, outline issues enabling IT teams to fix them and improve overall business security.

In theory, a PEN test sounds great, which is why so many businesses jump to the conclusion that they need one. But there are alternatives, such as Vulnerability Assessments, which will tell you, upfront, what security is, and is not, in place. From these reports any highlighted issues can be confronted. 

Vulnerability Assessments - Cost Effective

Vulnerability Assessments tend to be much more cost-effective than a PEN test. They can be run multiple times or, be set for a scheduled scan, say each quarter, to check security posture. This makes fixing issues easier as the work is spread out over the year, whereas a PEN test, done once or twice a year, means any issues discovered need to be fixed immediately and together.

When considering resilience, it is critical to assess how data, including emails, are backed up or, in the event of a disaster, how quickly new systems could be brought online, with all data in place and available to users. Many of the latest systems enable data to be stored in different locations and media types. This is often cheaper and more robust than traditional backup solutions. The ability to test a complete or partial restore is made easy and non-disruptive and can be done monthly. Even testing the Disaster Recovery process is straightforward and can enable an organisation to actually see how long it would take to restore data onto new devices. Such ‘real’ information is vital to understand as it forms the basis of any recovery programme.
 
Networks are not alone in being able to be tested for resilience, it also applies to endpoints and applications, using breach simulation tools known as Breach & Attack Simulation (BAS) technology.

BAS Technology   

A BAS service is fully automated and launches attacks on selected services such as email, web, phishing campaigns, supply chain attacks and ransomware across the full cyber kill-chain. These attacks are fully customisable in an open framework with the most comprehensive repository of assessments and executions gathered from numerous attacks, which allow real-life situations to be explored in any environment.

Once the simulation has been completed, the current exposure, attackable vulnerabilities, misconfigurations, and security gaps are shown. Thereafter, security performance with a risk-score, based on proven methodologies, including NIST, CVSS V3 and Microsoft DREAD can be measured and track ed. This intelligence is vital in order to understand progress in protecting the network and data and can also be a valuable report to share with The Board, to confirm the data security investment.

Arrival of Security Performance Management

 A new area of real-time resilience testing and monitoring has formed under the term ‘Security Performance Management’ (SMP) tools. These systems enable risk leaders to measure the performance of their cybersecurity programme and align investments and actions with the highest measurable impact over time. With security ratings correlated to data breaches and financial performance, security professionals can efficiently allocate resources on the most critical areas of cyber risk within their organisation and facilitate data-driven conversations around cyber security among key stakeholders and, The Board.
 
SMP systems provide tools for tracking and improving a security programmes performance over time. Through broad measurement, continuous monitoring, and detailed planning and forecasting, they enable continuous visibility into the expanding digital footprint, enabling streamlined operations for reducing cyber risk and driving accountability for security outcomes.
 
The cost of a data breach is well documented, but not all data outage is down to a cyber attack, many are due to human error or simply forgetting to renew a machine ID certificate. Therefore, on-going testing and automated scanning, to detect out of date software, certificates, or operating systems, is key to maintaining a solid security position. Testing in a controlled way within a given timeframe also takes away the stress, should something go wrong, and provides time to reflect on results and plan an appropriate way to deal with them. This ensures that investments in security controls are efficient and effective.
 
At the end of the day, a preventative approach is always going to be the most effective in terms of cost and security. But, if you do not know if your protection is working, you could be drawn into a false sense of security and only realise your weaknesses when you are breached - not a good place to be. 

Whatever security solutions are in place, ensure they are tested for effectiveness in a calm and controlled manner, you will sleep better, trust me!

Colin Tankard is Managing Director of  Digital Pathways

You Might Also Read: 

Data Is Your Most Valuable Asset. How Are You Protecting Yours?:

 

« Amazon Cloud Outage Affects Major Customers
Cyber Security In 2022 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Device Authority

Device Authority

Device Authority specialises in security automation for the Internet of Things (IoT).

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

National Institute of Information and Communications Technology (NICT) - Japan

National Institute of Information and Communications Technology (NICT) - Japan

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

National Center for Manufacturing Sciences (NCMS) - USA

National Center for Manufacturing Sciences (NCMS) - USA

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Coveware

Coveware

Coveware helps businesses remediate ransomware. We help companies recover after files have been encrypted, and our analytic, monitoring and alerting tools help companies prevent ransomware incidents.

Hyperproof

Hyperproof

Hyperproof is a cloud-based compliance operations software. Launch new programs immediately, collect evidence automatically, and manage a compliance program intelligently.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.