The cyber security and cyber threat landscapes are ever-changing as new technologies and methodologies evolve on both sides. As 2022 comes to an end, we’ve seen a rise in detrimental cyber breaches. Ransomware attacks have become more frequent and sophisticated, large-scale breaches continue to wreak havoc on large organisations, state-sponsored attacks have become more prevalent, and attacks on handheld devices are bringing the war on cybercrime into our homes, says Andrus Kivisaar, co-founder and CEO of CybExer Technologies.
Whilst attackers are continually evolving their operations, the cyber industry is making strides of its own to combat these threats. From the innovation of new technological applications to the encouragement of stronger public diligence, we are starting to see organisations and businesses better prepare all types of users to spot and respond to malicious attacks.
Ransomware on the rise
Ransomware is one of the biggest global threats in cyber security, with reports showing a 42% global increase in cyberattacks using ransomware in 2022. Hackers commit these breaches for monetary gain, forcing organisations to pay them off with threats to leak important data. Any company with an online presence should be prepared to respond to a cyber attack with a ransomware scenario played through – this requires planning and practice to avoid panic.
Triple extortion is the latest development in ransomware tactics, used by cybercriminals to cause maximum damage to businesses. Phase one of this attack is the data breach, phase two is the encryption of that data, and phase three [triple extortion] is the manipulation of this data to cause serious damage to the business.
Although all organisations can fall victim to ransomware cyber-attacks, businesses are currently most at risk. Unfortunately, most businesses are not committing enough time and resources to their cyber preparedness, and pay up in search of a quick resolution. For every organisation that pays ransom, there is a hacker that is spurred on to launch another attack. By arming businesses and their teams with the knowledge to act quickly and decisively in the event of a cyber-attack, companies can minimise the damage inflicted by malicious ransomware, and help curb the success of such attacks.
State-sponsored attacks to continue
Cyber-attacks perpetrated by nation-states targeting critical infrastructure jumped from 20% to 40% between July 2021 and June 2022. No greater or more prominent example of this cyber warfare comes to mind quicker than that of Russia over the last year.
State-sponsored cyber warfare takes different forms and follows different tactics depending on the long or short-term goal of the attacking country. This can be to collect intelligence, act with outward aggression, or make a public statement: think of Russia hacking into various Ukrainian government websites to deface them prior to the war, or attacking critical infrastructure to cause even more damage.
There is no coherent or conventional definition of what cyber weapons are or what a successful outcome is, as there is a great deal of variety in the methods used. We do know the Ukrainian response has been strong in keeping the Russians at bay and minimising damage. The strong coordination and information sharing between communities, the state, and individuals have created a solid response and made them an even harder cyber target for Russia to hit. Cooperation between private and public sectors in their cyber resistance, unity, and understanding has highlighted the importance of a cyber-minded civil society for the world to follow suit.
These severe situations highlight why every entity – whether that be a nation, company, or organisation – should realise the threat of state-sponsored attacks and ransomware and have effective strategies and training practices in place.
Ethical hacking: how it can prepare you and your teams
Ethical hacking is on the rise as a new tool for organisations to better understand their IT infrastructure, its weaknesses, and what can be done to create better security from cyber threats. Some ethical hackers work alone, testing business IT systems independently, before contacting the company to let them know about areas of weakness. However, even more useful for businesses is the introduction of new simulation-based cyber training and response tools, such as cyber ranges, that allow IT teams to make a like-for-like copy of their IT systems, before launching different kinds of attacks to gather metrics about their performance under pressure.
What differentiates the ethical hacker from the malicious hacker is the purpose and the intention of the act itself. Cyber ranges host realistic IT environments where attackers can play out a full cyber kill chain. Nowadays attacks are conducted as team-based efforts, and in most cases a good hacker is a team player who is specialised in one aspect of the kill chain (reconnaissance, web, network, client-side or payload team) but is also able to follow the full chain. For example, one team can proxy the other team in with the access they have already gained. So the main point is that the attack is conducted as a team effort, but every team member does their part as an individual and then provides the data or resources to other team members.
There are also simpler approaches, such as having a person solve specific tasks within a set timeframe, to understand whether they have the necessary technical skills to start with. One of the most respected standards in this field is the Workforce Framework for Cybersecurity (NICE Framework), which is a set of skills that sets a constantly evolving standard for any cybersecurity workforce. We are happy to say that CybExer’s cyber range has the NICE Framework skills testing integrated into its capabilities. The NICE Framework also applies to education.
Unlimited cyber range potential
Cyber ranges are also essential for supporting assets in digital transformation processes, since they build up virtualized environments, test systems, and help increase understanding of how different technologies integrate and what the security aspects are. Cyber ranges are able to support not only training, exercises or testing, but can be used to establish proof of concept with new technologies, systems and integration projects. Cyber ranges are an effective and powerful tool – the largest training environments that have been deployed consist of up to 5000 virtual machines including business IT and Operational Technology components, making the cyber range use-case portfolio endless.
With an ever-growing need for cyber training – from individuals to large companies, to educational and military institutions – the Cyber-range-as-a-service era is upon us. By delivering cloud-based cyber security training and operations testing as SaaS offerings, proprietors of some of the world’s most sophisticated cyber ranges are drastically improving accessibility to really sophisticated tools, and making leaps forward in the mission to democratise cyber security training.
Utilising training in this format provides a multitude of benefits including reduced installation time, lower costs, scalability and integration, and so on. Cyber range technology will continue to evolve to better prepare companies and their people to identify and respond to a variety of cyber-attacks while empowering the human potential in cyberspace.
The author is Andrus Kivisaar, co-founder and CEO of CybExer Technologies.