Rapid Cyberattack Assessment Workshop (Full - On-site)
$2 250 project
Introduction to Cybersecurity Threats and Rapid Assessment
Companies are hit with all kinds of attacks all the time from all different directions. The single largest area that you need to be concerned with in security is your own employees. The second area is external threats and attacks. External security threats are most often designed to steal your assets or sabotage your operations. Threats can either disrupt or halt business in a way that can cost your company billions of dollars.
Malware is software that is developed to disrupt a system or computer. The intention of malware is to exploit computer systems. Some examples of malware include worms, viruses, backdoors, keyloggers, and rootkits. Then there is ransomware. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through existing malware or comes as a payload delivered by an exploit kit.
There are two types of positions we can have in cybersecurity. A blue team is referred to as defensive security and is the group of individuals responsible for protecting information systems. The red team, on the other hand, is offensive security. These individuals protect and attack information systems, allowing for security holes to be discovered without causing large-scale damage.
Key Steps in Conducting a Rapid Cyberattack Assessment
Intended audiences include those who are on or could be on an organization's Incident Response Team and internal auditors. Certifications in the security, audit, or IT risk disciplines may be a desired capability for the attendees. It is also important that senior management have an understanding of the concepts, as they are often the ones receiving the assessment results. Rapid Cyberattack Assessment provides participants with a very rapid, structured approach to evaluate their organization's capability to defend against and recover from targeted cyberattacks that may be designed to disrupt operations, mislead assets, steal, corrupt, and/or destroy sensitive information or involve financial fraud.
In just three days, participants complete as much work as the team normally takes a month to complete, in addition to the team's traditional consulting assessment work. The format is a workshop with a classroom section followed by numerous practical exercises completed by the participants. Through this, they come to understand and try their hand at the leading assessment tools and techniques that the team uses when performing its consulting activities. As they complete these activities, they experience the kinds of issues that can arise and can also observe that anything they are doing can itself be obfuscated by an attack agent operating from their network. As they address the weaknesses they find and make the recommendations that the team would, they are also better positioned to act quickly on any urgent deficiencies that they find.
Hands-on Exercises and Case Studies
The goal of the module is to offer exhaustive hands-on experience in testing for recent, highly exploitable vulnerabilities and in using the whole spectrum of cybersecurity tools. The hands-on training is supported by recent case studies reflecting different types of attacks and the corresponding countermeasures. All recent vulnerabilities disclosed by the community or presented at various meetings and conferences are used during the hands-on session of the module. The workshop session includes a variety of hands-on exercises that allow the attendees to practice the most recent testing techniques and attacks. The exercises and case studies use all major freely available testing tools and dedicated environments.
Proof-of-concept attacks are simulated, which allows the attendees to gather essential knowledge on identifying vulnerable points in tested web applications or public sources of exposed sensitive information. Exercises, which are clearly aligned with the subject matter of this specific workshop session, allow the audience to investigate and follow the respective findings, descriptions, and analysis of recent vulnerabilities. Rapid cyberattack assessment and data leakage prevention are of the highest interest and value to any organization. In this context, the workshop session is of high importance to IT professionals responsible for cybersecurity and data protection. The hands-on exercises also support human resource development for cybersecurity professionals who are engaged in training related to cybersecurity issues. Focused and well-prepared training in the field of cybersecurity can be a strong differentiator between an average and a highly professional person responsible for the security and assurance of critical infrastructure of any type and importance.
Conclusion and Next Steps
At the close of the workshop, Richard Danzig summarized the event and noted that follow-up information to the case studies would be provided to participants. Noting observed differences in capabilities and approaches to rapidly characterizing cyberattacks, Danzig urged the group to think both in terms of what is most possible and most policy-relevant, starting with the easiest and using case studies to deduce what would be most useful. He added that some information revealing the nature and location of the source of an attack could be gleaned, which motivated investigation of how to create a system for rapid cyberattack assessment based on existing capabilities. Danzig also pointed out the difficulty of creating the type of content needed to inform policymakers, and that those who could do so often did not have the time. He suggested that to make information sharable, the incentives of the providers needed to be shaped. He then asked if the collaboration network they had built over the preceding two days could extend the capabilities and knowledge resident in the government and industry organizations to lead the development of the rapid characterization of cyberattacks.
Brennan welcomed comments and thoughts from the group that could inform the direction of the research and action agenda they would develop. The first key direction Brennan suggested was collaboration that engages a broad and diverse cross-section of the critical infrastructure community. Second, the collaboration should involve repurposing existing expertise, technologies, and capabilities that would leverage shared techniques. Lastly, the agenda should take steps to ensure that stakeholders benefit from participation. Over the workshop, it became clear that significant capabilities exist at a diverse set of public sector organizations in signal processing, cyber forensics, and public response. Using these capabilities to support rapid attack characterization by industry and infrastructure-owning organizations is feasible, and in many cases, simply requires creating and formalizing the connections and understanding the data that licensees need to know.
