As we head into a world where disruption and innovation are a way of life, organizations need to take control of their own destinies.
Hollywood makes movies about everything—from aliens to dinosaurs and from epic romances to apocalyptic thrillers. But rarely has it ever prioritized accuracy over entertainment. But, every once in a while, Hollywood, like science fiction, can be prescient. So, you can imagine my surprise when as a college student I came across Sneakers – a purported spy thriller from the early 1990s. I came across the movie in the early 2000s, just before starting on my MBA in Information Systems, and with that mindset, it quickly dawned on me that I wasn’t watching a “spy movie”, I was actually watching a “cybersecurity movie” – maybe the first of its kind.
Early in the film, we see what appears to be a gang of technologically sophisticated robbers break into a large bank in the dead of night, just so they can access its computer and spoof an account with a $100,000 deposit. In the next scene, the leader of the gang (Robert Redford) suavely walks into the bank in broad daylight and withdraws the money from a bank teller. She asks him: “May I ask why you’re closing the account?” He answers: “Well, I have this weird feeling my money wasn’t safe here anymore.”
So far, any modern viewer would find it interesting and funny, but what does it really have to do with cybersecurity? Well, in the same scene, Robert Redford’s character proceeds to deliver the cash to the bank’s board of directors, along with a long list of flaws in the bank’s security infrastructure. Everything the audience saw was the penetration testing of that era in action. That movie is nearly 30 years old, and of course, today we are miles ahead in terms of technology and security infrastructure. But the bad actors also have access to the same advances in technology that we do. To me, the movie also makes it clear that irrespective of the era, the principles that underlie digital security practices are timeless.
But still, companies continue to make the same avoidable mistakes that leave them with gaping vulnerabilities, while security threats grow and evolve.
The “Ransomware” Cyberattack in Denmark
On Friday, November 19th, 2021, Danish wind turbine company Vestas was forced to shut down its IT systems across several business units. They had been hit by a “ransomware” cyberattack. The attack had crippled their global operations and the company was paralyzed due to a critical data breach. More than 25,000 staff connected to the systems halted operations. Though Vestas did not disclose the full extent of damages, there was an immediate impact on the company’s financial health and reputation. Three days later, their stock hit a two-week low with reports of delays in production. This was a CISO’s nightmare come to life. As with many companies before them, the security breach resulted in lower trust among customers, a loss of revenue and customers, and potentially, future lawsuits and litigations. It also proved that even large firms are not immune to cyberattacks.
Cybersecurity in the Digital Age: Compliance in the Nordic Region
Nordic enterprises have always maintained a high standard of digital security since IT security is seen as an enabler of business resilience and continuity. And now, several factors have combined to make robust digital security an even greater challenge. In particular, remote access and distributed workforces have rapidly increased in this region, which makes it harder to protect and monitor points of weakness. Then, there is the complexity of third-party interactions and a high dependency on digital channels, which leads to increased network vulnerability. For Nordic organizations, failure to keep cyberattacks at bay does not simply result in loss of data or an interruption in operations. It can also lead to heavy fines incurred due to regulatory non-compliance. Compliance with regulations such as the GDPR, the E-Privacy Directive, the NIS Directive, and the EU Cybersecurity Act is essential for businesses to operate in the EU region. And businesses that operate across other geographies, such as the US, must then comply with local regulations as well, for example, the California Consumer Privacy Act (CCPA). Governments and corporations alike clearly see cybersecurity as a critical element of national, organizational, and personal security.
Next-Gen Methods of Cyber Security
A Gartner report forecasts that exposed APIs will present a larger attack surface for 90% of web applications by 2023, a significant rise from 50% in 2020. This statistic underpins the current state of cyber vulnerability. To cope, enterprises need a set of practices that can expose underlying system vulnerabilities and plug the gaps to prevent any future exposure. Simply put, this is a practical case where investing in prevention is much better than paying for the cure. Welcome to Red Teaming.
What is Red Teaming?
Red teaming is an activity carried out to challenge plans, policies, systems and assumptions by using an adversarial approach. It is used in many fields, including cybersecurity, airport security, the military, and intelligence agencies.
Threat Intelligence-Based Ethical Red-Teaming or TIBER is a framework to test and improve the cyber resilience of entities by carrying out a controlled cyberattack. It enables European national authorities to work alongside financial entities operating in the region to implement a program that tests and helps improve resilience against modern cyberattacks.
Remember the scene from the movie I mentioned earlier? That was a red teaming exercise – a sophisticated penetration testing scenario that simulates a live attack. This approach requires a controlled, bespoke, and intelligence-led “red team” that mimics the procedures, techniques, and tactics of a real-life threat actor. Ultimately, it determines an entity’s protection, detection, and response capabilities.
For most major enterprises, the initial step entails either forming a team of experts who must devise extensive and onerous processes or hiring an external team of security specialists with the requisite frameworks and solutions for the task. In either case, the next step involves establishing advanced controls and monitoring so they can be tested during the actual red teaming exercise. The final step is to implement the processes, monitor outcomes, and implement the recommendations that the assessment generates. As we can see, TIBER is a fairly complex and resource-intensive exercise that can appear intimidating and even untenable for organizations to perform on their own. But, with the right kind of security partner to help them execute this exercise, it can be done efficiently and at optimal cost.
Partnering for Resilience: People + Process + Technology
For enterprises operating out of the Nordic region, this journey need not be made alone. They can partner with experts who possess the skills and domain expertise necessary to achieve business and security outcomes. At Tech AGRIM, we have designed exactly such a service solution based on our three-pillar approach, which consists of:
People
An experienced team of certified and vetted Cyber Security specialists with decades of experience in Offensive Security Assessments, Governance, Risk and Compliance, and Security solutions selection and implementation services.
Process
A set of processes and frameworks with a proven success record. We have helped strengthen cybersecurity for several clients across the globe. For instance, here is a brief outline of one such case we handled with a major financial services organization:
The Client – The client wanted to achieve full compliance with stringent regulatory standards and close existing gaps in their IT framework and security. The core objective was to protect the enterprise’s key assets.
The Process – The blue team was identified against the red team led by Tech AGRIM. The first two weeks were spent gathering threat information and performing an in-depth vulnerability assessment. The Tech AGRIM team then proceeded to traverse the client network to target key resources including the Active Directory and firewall.
Outcome – The Tech AGRIM team successfully executed the exercise in close communication with the client’s management and presented its findings in two distinct reports, which included:
• Management summary – The existing gaps and their business implications
• Security team – Step-by-step SOPs to improve the network and assets.
Technology
Access to technical expertise that understands the technical tools required to execute the operation. The team at Tech AGRIM leverages an integrated platform that fosters two distinct advantages:
• Speed – We automate the majority of tasks within the process to facilitate swift action that reduces total operational hours and directly helps the client optimize their costs.
• Insights – We generate actionable insights that empower the organization’s security leaders to develop a confident and ironclad security posture.
The Road Ahead
As we head into a world where disruption and innovation are a way of life, organizations need to take control of their own destinies. Even enterprises advanced enough to have a mature cyber security framework and defensive teams in-house need to ensure the efficiency of their Information Security Management System. And the best way to accomplish this highly technical, specialized, and crucial requirement is to engage a competent partner for their red teaming initiatives. Choosing the right Information Security Service provider allows organizations to execute sophisticated red teaming programs to automate the gathering of threat intelligence, enumerate the enterprise attack surface, and identify vulnerabilities in IT systems in an effective and efficient manner. At Tech AGRIM, we deploy proprietary solutions that can ensure that best-in-class tools are used by a team of professionals with vast experience in ethical hacking and vulnerability testing. This positions us to not only deliver an effective red teaming engagement but also ensure that it aligns with key business variables such as speed and cost. To learn more about how we can help secure your enterprise, contact us.