Man as a pillar of digital sustainability
“Man is the measure of all things” – it seems that what Protagoras said in the fifth century BC still remains relevant. And is man a measure of the immaterial that fills cyberspace? How do people become the mainstay of an organization, and their practical knowledge – the main link in the chain of cyber resilience?
Since the first break-ins into information networks, cybercrime has grown both in volume and in sophistication. Hackers are no longer the teenagers of 1990s action movies, holed up in their father’s garage and trying to get into a classified site. On the modern hacking scene you can meet both lone amateurs and groups of “hacktivists” united by ideology. However, professional mercenary alliances are the pinnacle of cybercriminal evolution. Such criminal networks are the most dangerous: they are well organized, they act cautiously, and their priority is financial gain.
In a tense geopolitical situation and a fierce information war, more and more potential cybercriminals and criminal groups are being drawn into the confrontation. Every business is under threat: the next round of the eternal contest between the shield and the sword has begun, in which some find the next weak points and attack, while others think ahead, dodge and try to prevent defeat.
Give up hope
For a company, the first step toward a successful defense is fatalism. It has to accept that a cyberattack is inevitable: neither the fact of the attack nor the profile and tools of the attacker can be influenced. What matters is which actions are taken, and how quickly, once the attack is detected.
Given these premises, the digital sustainability of an organization is the outcome of a chain of priority choices. It needs to be built comprehensively: we cannot limit ourselves to perimeter protection and tools for monitoring information security events.
Of course, automation and technology have reached certain heights: heuristic analysis, machine learning methods and artificial intelligence are already being used to protect against cyber threats. But a few percent of the work is still manual and falls on the shoulders of a specialist. In the “here and now” of an incident, the only thing that matters is how promptly and how well coordinated his actions are, which means that the level of his knowledge and skills is important.
The market is already experiencing an acute shortage of qualified information security specialists (according to Innostage estimates, about 50 thousand people), and demand will continue to grow. Therefore, the next key step for organizations that want to preserve their digital sustainability is to revise and create internal training programs, develop skills, transfer key knowledge and provide mentoring: in other words, to build their own in-house talent forges.
What is our life?
Special attention should be paid to the teams that monitor, rapidly respond to and prevent cyber threats (SOC). For the most part they consist of recent university graduates, a generation of zoomers who do not share Engels’ ideas about work, namely that workaholism equals achieving results. The best way to motivate them is to weave elements of gamification into training programs.
Every time a person completes a task, his body produces “happiness hormones”. Simply put, the craving for games is built on the pleasure of receiving a reward for a result obtained at the end of the path, with difficulties overcome and permissible errors along the way. It is even better if the process itself is fun: from time to time, comic, awkward tasks not directly related to the topic may slip in among the serious ones, for example, riding an office chair to the kitchen area.
A person acquires knowledge best through lived personal experience, and perceives only what his level of awareness allows. When talking about the same thing, people with different real-world experience will mean completely different things.
A person without deep reading experience will perceive Dostoevsky’s famous story only as a detective story. In the same way, a specialist in an event monitoring and detection team who lacks practical skills will, when confronted with an indicator of lateral movement, not go looking for the compromised entry point.
Cyber exercises are a unique environment for gaining practical knowledge and experience, and they lend themselves to gamification techniques.
Cyber exercises can take different forms:
simulations of real attacks – training “red hats”
practicing information security incident response, investigation and analysis – training “blue hats”
active scanning of your own infrastructure – “purple hats”
all of the above together, or in separate combinations.
Most cyber exercises and cyber ranges today focus on the qualifications of the “reds”. The “blues” are forced to act in real conditions, responding to training attacks. It is important to realize that the red path is a step towards attack, not defense: what is left behind as an innocent digital footprint in a training setting may later turn into the source of a new real attack and open a Pandora’s box.
In such conditions, it is extremely difficult for information security specialists in the role of defenders to acquire all the skills they need: the stressful conditions get in the way (they are being hacked right now), as do the lack of basic theoretical training and the lack of a detailed analysis of errors afterwards.
For the “blues”, the most important thing is to develop the skills of monitoring, investigating and responding to incidents through a consistent retrospective analysis of realized business risks (account leaks, fraud in sales systems, substitution of website content, compromise of critical systems, unavailability of confidential information, and others).
Innostage has its own version of exercises for the “blues”: a virtual IT infrastructure, modeled on a typical office and made available to information security specialists. It includes a segmented network with Active Directory domains, nodes running various operating systems, mail server services, a remote desktop gateway, centralized antivirus management systems, MySQL and MSSQL databases, FTP servers, ERP, CMDB, as well as user workstations and web applications of various kinds. The main monitoring and protection tools are SIEM, WAF, NTA and a sandbox.
The task legends are presented on a dedicated training platform in the form of a course with questions, hints and points for correct answers. The platform also provides a glossary, theoretical references, a chat and a feedback form for participants.
The cyberattack scenarios reproduce real situations faced by Innostage Group analysts at the CyberART Cyber Threat Prevention Center. They are divided into basic and advanced, which makes it possible to immerse participants in the learning process smoothly, without unnecessary stress, and to get the most effective result.
The cyber exercise approach, which combines elements of a game (tasks, points, scoring, competition) with practical training (real cyberattack scenarios and their analysis), will allow businesses to substantially increase the motivation and loyalty of information security employees, which in turn will directly affect the digital sustainability of the organization.