Sep 2, 2022 - Technology

Cyberattack simulations get real

Illustration of a briefcase with a binary code combination lock with ones and and zeroes for options.

Illustration: Brendan Lynch/Axios

Cyber defense training for businesses is evolving to create immersive scenarios putting board members and C-level executives in the crosshairs of simulated attacks.

The big picture: As ransomware attacks and nation-state cyber espionage campaigns ramp up, more executives and board members find themselves making key decisions about how their companies respond to cybersecurity incidents.

Driving the news: Israeli cybersecurity company Cyberbit released a new training module last month that allows security teams and C-level executives to operate a full-scale simulation together against some of the most popular cyberthreats.

  • Similar products cater more to training security teams, rather than executives and board members.

Details: Hours-long simulations include attacks that exploit the Log4j vulnerability and recent Microsoft critical vulnerabilities, as well as a North Korean nation-state hack.

  • Cyberbit chief marketing officer Sharon Rosenman tells Axios the company typically adds new simulations each week based on the findings of its in-house threat intelligence team.
  • But in high-risk situations, it can have a new simulation up in one day. The training for the Log4j vulnerability, which impacted millions of devices, was live within one day, Rosenman says.

How it works: We participated in a recent Cyberbit product demo to get a sense of what training looks like now.

  • Each simulation operates on live cloud networks from Amazon Web Services and Microsoft Azure to make the experience as close to reality as possible.
  • Once the scenario starts, people are taken through a tabletop simulation where they see signs of an attack on a network and answer a series of questions about what they should do and whom they want to contact at what point.
  • The trainings are hours long to mirror the real thing.
  • Team managers are able to compile findings from all trainings in one dashboard as well.

The intrigue: Cyberbit’s customers include FS-ISAC, a nonprofit that shares cyberthreat intel among major financial institutions, and a few major retail and higher-education institutions, said CEO Adi Dar.

Between the lines: Regulators have been pushing executives and board members to take a more proactive role in cybersecurity strategies.

Yes, but: Because Cyberbit wants the simulations to be as close to real life as possible, the training can take hours to complete.

  • This means it’s still a huge investment for some companies that are low staffed or struggling to implement basic security measures like multifactor authentication.
Go deeper