Armand Kruger, NEC XON Head of Cyber Security.
NEC XON helps customers mature their cybersecurity posture to achieve strategic outcomes by focusing on key drivers such as moving to multi-cloud environments, network architecture and topology revisions, IoT and 5G adoption, deeper changes to create competitive advantage, secure more market share, and increase revenues. It helps organisations mature progressively, from point security through aggregation and correlation of multiple points to orchestration and automation of interaction between points.
As cyber threats relentlessly grow in sophistication, cybersecurity programs need to adopt a more holistic approach that encompasses simulated attack scenarios beyond just technology, according to Armand Kruger, Head of Cyber Security at NEC XON Systems. Why? Because the impact of cybercrime goes beyond IT. Cyber crime’s annual impact on SA is estimated at R2.2bnaccording to a recent statement by Billy Petzer, research group leader: cyber security systems, at the Council for Scientific and Industrial Research (CSIR).
Kruger points out that cyber attacks affect business processes – not just IT software and infrastructure. Current corporate cyber attack simulations often focus solely on technical aspects, leaving a significant gap in preparedness. By integrating business leaders into planning and thinking, holistic scenarios enable organisations to consider implications beyond technology, ultimately enhancing their cybersecurity readiness,” Kruger says.
“I was recently in an incident response scenario where the company was infiltrated by ransom operators,” recounts Kruger. “Through an open executive discussion in the boardroom, we were able to comfortably communicate in business language and explore ‘what if’ scenarios. This natural environment allowed executives to discover the implications for themselves, leading to improved executive buy-in and a better understanding of the necessary cybersecurity budget and resource allocation.”
“NEC XON Systems, for example, runs attack scenarios that not only delve into the tactics employed by ransomware operators but also consider the broader business context and its implications.’ says Kruger. Questions such as “How would we react if ransomware actors attacked?” and “Do all business players understand their roles in such an event?” are crucial to building a comprehensive response strategy. The scope extends beyond IT departments, involving teams like PR and communications to address external messaging and media engagement. It is vital for cybersecurity plans to incorporate these facets and not solely focus on the technical aspects.
Procurement – the forgotten cyberattack response process
One oft-overlooked area in simulated attack scenarios is procurement, which plays a crucial cybersecurity role and needs mature processes in the event of an incident. To address the urgency of cybersecurity incidents, organisations should incorporate emergency spend workflows into their procurement processes, enabling quick and efficient allocation of resources within 24 hours instead of slow processes that take weeks or months.
Effective cybersecurity involves two main stages: incident response and crisis management. NEC XON Systems emphasises the importance of thorough preparation for incident response, noting that companies often neglect this critical aspect and go directly into crisis mode.
“Prepare like the military”
“Preparing for cyber threats is akin to military training, where practice makes perfect,” states Kruger. “Our goal is to ensure that cybersecurity teams know exactly what to do when faced with an attack.”
By incorporating cyber attack scenarios into their operations, businesses can better prepare themselves in two critical areas: communication and coordination. This approach not only identifies previously unidentified security gaps and architectural flaws but also creates a controlled environment to neutralise threats and maintain business continuity. It also helps organisations to quantify business risks and align stakeholders on appropriate response strategies.
“Businesses face cyber cartels, and through our process executives often realise that most attacks rely on social engineering,” adds Kruger. “By constantly updating and conducting drills, organisations can strengthen their cybersecurity defences and maintain a state of preparedness.”
Key benefits of attack scenario drills:
Tests the effectiveness of your current controls and safeguards: How resistant are they against cyber threat actors and risks? Validating those controls from the adversary’s perspective is key to determining if the solutions are correctly configured and if they work well together to create a defensible layer.
Identifies previously unidentified security gaps: Know what you don’t know. The outcomes of the attack scenarios might highlight security gaps. This proactive approach demonstrates how gaps could be exploited, and what countermeasures can be implemented.
Breaks down language barriers: Discussing different cyberattack scenarios with technical, management, and even business executives creates a common language. Questions like “If this happens, then what?” are asked, and multiple perspectives help executives to understand the risks and the business better.
Pinpoints architectural security design flaws: Determining if the overall architecture is designed in terms of the ability to restrict threat actors’ movement and manoeuvring abilities is vital. Having a strict architecture forces the adversary into an environment that is controlled by the business and allows for easier threat prevention, detection, and response.
Prepares the business for different cyberattacks: Businesses often face cyber breaches, and crisis management unfolds. Communication channels are broken, and incident response coordination is in complete chaos. Continuously simulating cyberattack scenarios helps organisations prepare. “Cyber drills” enhance technical controls, business communication, and inter-organisational coordination. NEC XON Systems urges organisations to adopt a holistic approach and proactively address threats to stay one step ahead of cybercriminals.