How well is your company protected against cyber attacks?
Cyber-attacks occur on a daily basis, painfully exposing the vulnerability of IT systems. From countries to large corporations to small firms to the private user – everyone can become a victim of cyber-attacks when connected to the Internet. How well is your company prepared for and protected against cyber-attacks? Managing information security risks become more and more important.
In our recent meeting with the new secretary of the newly formed Department of ICT (DICT), Secretary Salalima, we raised the cyber security issue and recommended that the DICT puts emphasis on cyber security and assists companies and government agencies to protect themselves against attacks. We clearly outlined that the Philippines, a country that handles Big Data (BPM/ KPM) and intends to become a major player in Data Analytics, will have to secure data that’s handled here.
Traditional class-room based trainings are not sufficient to prepare for cyber security and for the defence against pervasive and advance cyber-attacks. Just as every military and police force needs a firing range to hone weapons skills and battle tactics, every next generation cyber defender needs access to a cyber range.
Only with an Internet-scale, operationally-relevant, and ever-current cyber range can organizations produce the empirically valid cyber war-gaming scenarios necessary to develop cyber security skills and instincts for defensive action. Similarly, the only way to understand the resiliency of IT infrastructure is to assault every element within them using the high-stress, real-world conditions created in the controlled environment of a cyber range.
What is a cyber range? It is a realistic environment that is used for cyber warfare training and cyber resiliency testing. It is very much like a military shooting range which is used to facilitate training in weapons, operations or tactics, or like a driving range where golfers go to improve their swings.
A cyber range can be used for two main purposes:
a. To train next-gen cyber defenders using methods such as flag exercises, cyber competition and training exercises; and
b. To measure and harden network and application infrastructure resiliency.
A typical cyber range should be equipped with state-of-the-art technologies that can support 300+ application protocols, simulate 36,000+ attacks, 6,000+ exploits, 30,000+ malware, 100+ evasion classes and multi-layered evasions. Other attack types that can be simulated are IP-based, UDP-based, TCP-based DoS/DDoS attacks, application layer attacks and botnets.
There is a shortage of next-gen cyber defenders. Organizations worldwide face a dangerous shortage of cyber defenders with the skills required to defend against sophisticated cyber attacks. This urgent situation is made worse by the weaknesses and vulnerabilities that continue to pervade critical IT infrastructures. Answering these problems requires Internet-scale simulation environments, along with a comprehensive training curriculum and proven methodologies, to develop elite cyber defenders and simulate attacks on IT infrastructures.
I guess, more detailed discussions will be needed with the DICT and with the National Data Privacy Commission to help establish such cyber ranges.
Who needs cyber range training? Any cyber security professional who is tasked to protect and defend mission-critical information on networked computing elements.
Who is going to establish the first cyber range in Cebu????
- Latest
