Most organizations have the basic security of their ICT infrastructures covered and have strengthened it accordingly. However, cyber criminals are extremely smart and are constantly developing new tools and techniques to get around these defenses. Closing that gap takes more than basic measures alone: a better insight into the attackers and their working methods, combined with continuous validation of the state of your security, gives organizations this in-depth look.
It is hard to avoid. The media are full of articles about companies and organizations that have been "attacked" and what the consequences were. Fortunately, as the number of security risks has grown, so has security awareness in recent years. And because more and more organizations are implementing the basic measures, there is often a solid security foundation.
Some examples of basic measures:
- Turn on multi-factor authentication (2FA).
- Provide segmentation of networks.
- Use the principle of least privilege for access.
- Make regular backups, and
- Patch systems on time.
This foundation is a must. As (ransomware) attacks become more and more sophisticated, however, these measures are not nearly enough to fend off all threats. In order to withstand cyberattacks, a more in-depth look at the security measures is needed.
Attack modeling and kill chain
To take this extra step in your ICT security, you need a good profile of the attacker and what they are capable of. An attack can take many routes and criminals have an arsenal of various tools and tricks. Besides that, each group has its own working method. By modeling attacks ('attack modeling'), you can better anticipate the course of an attack (the 'kill chain') and adjust your defense accordingly. The MITRE ATT&CK framework, with its underlying documentation, is a useful tool to get a better understanding of the kill chain used by specific attackers. The MITRE D3FEND framework provides tools to help predict the path of the attack and adapt specific measures accordingly.
Validation of your cybersecurity
You can't lean back thinking that attack modeling alone will do the trick. Organizations sometimes feel safe with the aforementioned basic measures, but various tests done by Securify show that this is far from true. This sense of security is created, for example, by monitoring services that should detect techniques from the MITRE framework, but in practice only pick up a fraction of them due to, for example, implementation and/or configuration errors.
In almost every organization there are situations where systems work slightly differently than expected, where monitoring is set up slightly differently than it should be, or where the playbooks skip just that one crucial step necessary to detect the impact of an attack and mitigate it. Unfortunately, the necessary validation of security measures is often skipped, let alone repeated regularly. Phishing tests of security awareness and the standard annual pentest also do not offer peace of mind in a security landscape that changes every day.
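The gap between claimed and actual detection coverage described above can be made visible with a small validation harness. The following is an added example, not code from Securify or from the MITRE frameworks: it replays one constructed validation event per ATT&CK technique through a constructed rule set in which two rules carry typical implementation and configuration slips (a case-sensitive pattern and a stale field mapping), and reports which techniques are really detected.

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    technique: str      # ATT&CK technique ID the rule claims to cover
    field_name: str     # event field the rule inspects
    pattern: str
    flags: int = 0


# Constructed rule set for illustration; two of the three carry a typical slip.
RULES = [
    # Works as intended.
    Rule("enc_powershell", "T1059.001", "cmdline", r"-enc(odedcommand)?\b", re.IGNORECASE),
    # Configuration error: case-sensitive match, so differently cased paths slip by.
    Rule("lsass_handle", "T1003.001", "target", r"lsass\.exe"),
    # Implementation error: the log pipeline now delivers "user", not "UserName".
    Rule("new_local_admin", "T1136.001", "UserName", r"."),
]

# Constructed validation events (placeholders, not real telemetry), one per technique,
# as a validation exercise would emit them against the monitoring.
VALIDATION_EVENTS = [
    {"technique": "T1059.001", "cmdline": "powershell.exe -EncodedCommand <placeholder>"},
    {"technique": "T1003.001", "target": r"C:\Windows\System32\LSASS.EXE"},
    {"technique": "T1136.001", "user": "validation-testuser", "action": "user_created"},
]


def rule_fires(rule, event):
    """True when the rule's pattern matches the field it inspects in this event."""
    value = event.get(rule.field_name)
    return value is not None and re.search(rule.pattern, value, rule.flags) is not None


def coverage_report(rules, events):
    """Return ({technique: [rules that fired]}, fraction of claimed techniques validated)."""
    report = {}
    for ev in events:
        fired = [r.name for r in rules if r.technique == ev["technique"] and rule_fires(r, ev)]
        report[ev["technique"]] = fired
    claimed = {r.technique for r in rules}
    validated = sum(1 for t in claimed if report.get(t))
    return report, validated / len(claimed)


if __name__ == "__main__":
    rep, frac = coverage_report(RULES, VALIDATION_EVENTS)
    for technique, fired in rep.items():
        print(f"{technique}: {'DETECTED by ' + ', '.join(fired) if fired else 'MISSED'}")
    print(f"Claimed coverage: {len(RULES)} techniques; validated in practice: {frac:.0%}")
```

Run against the constructed events, the rule set that claims three techniques validates only one of them, which is exactly the kind of discrepancy a regular validation cycle is meant to surface.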
You get a much better insight into the state of your defense by means of a Red Teaming assessment. An external party attacks your organization through digital and physical routes, while your own Blue (defensive) team tries to avert it. And where employees usually know, during a normal pentest, that it is taking place and can prepare for it, in Red Teaming they are literally ambushed. This makes the test a realistic attack. In this simulation it becomes clear whether the implemented security measures work as designed and whether employees respond adequately.
Scenario Based Pentest
A Red Teaming attack is an extensive process, with multiple objectives, attack methods and an average lead time of 3-6 months. An organization must provide its own Blue team/SOC, and therefore a Red Teaming is not always possible. Precisely for this reason, the Scenario Based Pentest was developed by Securify. It is a scenario-based penetration test that simulates a highly sophisticated attack to assess how an organization responds to, for example, ransomware or an internal attacker. This provides concrete insights into how organizations deal with specific threats, so you can integrate them into response strategies and playbooks to resolve security incidents more efficiently. The average turnaround time for a Scenario Based Pentest is 1-2 months.
Continuous testing by various evaluation methods is inevitable
Red Teaming is gaining popularity and will even become a standard at the Dutch national government from 2025 on. It is not advisable to wait until then to strengthen validation methods: criminals do not wait either. That's why you should already look into a Red Teaming (if your organization meets the necessary requirements) or the more than effective Scenario Based Pentest.
And above all: keep testing, because the world of cybersecurity is always evolving. Technologies and techniques are constantly changing and creating new vulnerabilities. Test results quickly become outdated, so regular testing is essential to maintain confidence in one's own defence. It is also not a question of choosing just a pentest, a Scenario Based Pentest or Red Teaming. By periodically deploying different evaluation methods, you are better and more often informed about the security status of your ICT infrastructures and the resilience of your organization. As a result, you are able to identify and remedy holes in the security more quickly.
Would you like to know more about the validation options for your organization and IT environment? Please contact Securify by telephone +31 (0)20 82 04 516 or send an email to firstname.lastname@example.org