The Importance of Cyber Security Wargaming



Charl van der Walt, chief security strategy officer at the cyber security provider SecureData, regularly stages security attacks against his own company to refine and adjust the company’s response protocols against would-be hackers.

“In our most recent exercise, we uncovered a flaw in our own defenses, the value of which greatly outweighs any discomfort we might feel admitting this as a security provider,” he explains in his 2019 Computer Business Review article “What Happens When a Security Company Decides to Hack Itself?”

During the staged scenario, Van der Walt’s SensePost penetration testing team proceeded as if a toehold had already been established on one computer within the network. The team then utilized open source platforms such as LinkedIn to fuel a brute force attack to build a list of user IDs.

From there, the team systematically attempted commonly used passwords to gain access to a user account, which would in turn give SensePost access to all accounts on the network.

The attack succeeded in less than a day, and the exploited weakness that “lost” SecureData its cyber wargame was its users’ passwords. The passwords themselves met all the benchmarks: 8 to 12 characters, capital and lower-case letters, alphanumeric characters, and punctuation. But they followed a specific format. The password that brought the wall down, in this case, was:

May2018!
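
The failure described above, as an added example that is not from the article or from SecureData: a check run when a password is set, in which `May2018!` satisfies the complexity rule quoted in the text but is rejected for its calendar-word-plus-year shape. The word list, the symbol swaps, the function names and every sample password other than `May2018!` are constructed for illustration.

```python
import re
import string

# Constructed list of calendar words; extend with local languages as needed.
CALENDAR_WORDS = {
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
    "jan", "feb", "mar", "apr", "jun", "jul", "aug", "sep", "sept",
    "oct", "nov", "dec", "spring", "summer", "autumn", "fall", "winter",
}
# Symbol-for-letter swaps undone before the word lookup (assumed set).
SWAPS = str.maketrans({"@": "a", "$": "s", "!": "i"})
# <non-digit prefix><4-digit 19xx/20xx year or 2-digit year><up to 3 symbols>
SHAPE = re.compile(r"^(\D+?)((?:19|20)\d{2}|\d{2})([^A-Za-z0-9]{0,3})$")


def meets_complexity(pw):
    """Rule quoted in the article: 8-12 chars, upper, lower, digit, punctuation."""
    return (8 <= len(pw) <= 12
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def calendar_pattern(pw):
    """Return (word, year) if pw is a calendar word followed by a year, else None."""
    m = SHAPE.match(pw)
    if not m:
        return None
    # Normalise the prefix: lower-case, undo swaps, drop separators such as "-".
    word = re.sub(r"[^a-z]", "", m.group(1).lower().translate(SWAPS))
    return (word, m.group(2)) if word in CALENDAR_WORDS else None


def review(pw):
    """Decision a password-change handler would return for a candidate."""
    if not meets_complexity(pw):
        return "reject: complexity"
    if calendar_pattern(pw):
        return "reject: calendar word + year"
    return "accept"


if __name__ == "__main__":
    # May2018! is from the article; the other samples are constructed.
    for sample in ["May2018!", "Summer19#", "M@y2018!!", "q7#Vx!p2Lm"]:
        print(f"{sample:11} complexity={meets_complexity(sample)} -> {review(sample)}")
```

A shape check like this complements, rather than replaces, screening candidates against a list of commonly used passwords.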

Graduates of online cyber security master’s degree programs are now or will soon be responsible for real-world cyber security. New exploits and malware are born almost every day and shared on hidden forums on the deep web. Cyber security preparedness means thinking like a hacker and anticipating hackers’ moves in real time. And one of the best ways to do so is by staging cyber security wargames to test the true strength of your company’s defenses.

The Value of Wargaming

“We used to say it’s ‘not if, but when’ an organization will experience a cyber incident,” explains Deloitte & Touche LLP’s Andrew Morrison in HelpNetSecurity.com’s “Few Organizations Use Cyber Wargaming to Practice Response Plan.”

“That message has evolved well beyond a single incident to ‘how often’ or ‘how to respond to and withstand persistent attacks,’” Morrison continues.

Deloitte ran a poll that revealed nearly half of C-suite respondents admitted that their organizations experienced a cybersecurity incident between 2017 and 2018. These same respondents cited lack of understanding of response plans and lack of resources as the primary deficiencies in their companies’ cyber response plans. And only 25% of the 400 executives polled said that cyber wargaming was a part of their strategy.

“The ability to rehearse different outcomes of decision making enables teams to see beyond the immediate crisis and to understand the longer-term consequences of their decision making,” says crisis manager Bobbie Ramsden-Knowles in PWC.co.uk’s article, “Cyber Wargaming: Strategic Decision Making for Effective Cyber Crisis Management.”

“This includes how they would defend those decisions to the media, shareholders and regulators, should they need to do so at a later date. For this reason, wargames are amongst the most effective tools for senior leaders to gain confidence in decision making, challenge assumptions and become better prepared to face a cyber crisis.”

Goals to Shoot for When Cyber Wargaming

Wargames should be designed to enable participants to hone their skills, practice response plans and familiarize themselves with their collaborative judgment capabilities, according to Deloitte & Touche LLP and HelpNetSecurity.com. Deloitte offers several words of advice on cyber wargaming implementation:

  • Focus on learning objectives that will help reveal what your company needs now, at its current level of maturity.
  • Involve a broad group of participants for a more realistic scenario, rather than testing just one or two individual teams. This approach will uncover potential improvements that can be made regarding teamwork and collaboration between different siloed teams.
  • Keep scenarios simple at first until all involved team members are comfortable with mixing wargaming duties with their daily responsibilities (which do not go away while cyber wargames are taking place).
  • The more plausible and realistic the scenario, the better it will prepare participants to be fully ready to take on real-life hacks.

A typical cyber security incident response plan, according to “Cybersecurity Incident Simulation Exercises” by EY.com, includes a planning and preparation phase followed by identification, containment, investigation, remediation and follow-up phases. Every organization is different, however, and some elements of a cyber wargame may need to be custom tailored.

“Areas specific to an organization include: its critical assets, the threats most likely to be realized, its identification and detection processes, decision-making criteria and reporting lines, in addition to team members and underlying technologies. Identifying and engaging with third parties (both those involved in regular business with the organization and those, such as law enforcement and specialist lawyers, who are required in the event of a breach) is of vital importance,” EY.com explains.

Wargaming will become standard operating procedure within security firms and departments as business networks continue to evolve. Whether cyber security specialists work in data security, ethical hacking, autonomous systems or insider threat analysis, they should strive to hone their skills and accumulate as much new cyber security information as they can, while in school and throughout their careers.

University of North Dakota’s Master of Science in Cyber Security Program

Choosing the right online cyber security master’s program is a decision that should not be taken lightly. The best programs will offer courses that keep current with today’s cyber security issues and concerns.

UND’s Higher Learning Commission-accredited online cyber security master’s degree program is ranked in U.S. News & World Report’s Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.

UND prepares students for careers in cyber security with concentrations available in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security.

For more information on UND’s MSCS online program, visit the program’s website today.

Sources:

What Happens When a Security Company Decides to Hack Itself? – CBRonline.com

Few Organizations Use Cyber Wargaming to Practice Response Plan – HelpNetSecurity.com

Cyber Wargaming: Strategic Decision Making for Effective Cyber Crisis Management – PWC.co.uk

Cybersecurity Incident Simulation Exercises – EY.com