NEC XON Systems highlights importance of holistic corporate simulated attack scenarios

Armand Kruger, Head of Cyber Security at NEC XON Systems.

---

As cyber threats relentlessly grow in sophistication, cyber security programmes need to adopt a more holistic approach that encompasses simulated attack scenarios beyond just technology, according to Armand Kruger, Head of Cyber Security at NEC XON Systems. Why? Because the impact of cyber crime goes beyond IT. Cyber crime’s annual impact on SA is estimated at R2.2 billion, according to a recent statement by Billy Petzer, research group leader: cyber security systems at the Council for Scientific and Industrial Research (CSIR).

Kruger points out that cyber attacks affect business processes – not just IT software and infrastructure. Current corporate cyber attack simulations often focus solely on technical aspects, leaving a significant gap in preparedness. By integrating business leaders into planning and thinking, holistic scenarios enable organisations to consider implications beyond technology, ultimately enhancing their cyber security readiness,” Kruger says.

"I was recently in an incident response scenario where the company was infiltrated by ransom operators," recounts Kruger. "Through an open executive discussion in the boardroom, we were able to comfortably communicate in business language and explore 'what if' scenarios. This natural environment allowed executives to discover the implications for themselves, leading to improved executive buy-in and a better understanding of the necessary cyber security budget and resource allocation.

“NEC XON Systems, for example, runs attack scenarios that not only delve into the tactics employed by ransomware operators but also consider the broader business context and its implications," says Kruger. Questions such as: "How would we react if ransomware actors attacked?" and: "Do all business players understand their roles in such an event?" are crucial to building a comprehensive response strategy. The scope extends beyond IT departments, involving teams like PR and communications to address external messaging and media engagement. It is vital for cyber security plans to incorporate these facets and not solely focus on the technical aspects.

One oft-overlooked area in simulated attack scenarios is procurement, which plays a crucial cyber security role and needs mature processes in the event of an incident. To address the urgency of cyber security incidents, organisations should incorporate emergency spend workflows into their procurement processes, enabling quick and efficient allocation of resources within 24 hours instead of slow processes that take weeks or months.

Effective cyber security involves two main stages: incident response and crisis management. NEC XON Systems emphasises the importance of thorough preparation for incident response, noting that companies often neglect this critical aspect and go directly into crisis mode.

"Preparing for cyber threats is akin to military training, where practice makes perfect," states Kruger. "Our goal is to ensure that cyber security teams know exactly what to do when faced with an attack."

By incorporating cyber attack scenarios into their operations, businesses can better prepare themselves in two critical areas: communication and co-ordination. This approach not only identifies previously unidentified security gaps and architectural flaws but also creates a controlled environment to neutralise threats and maintain business continuity. It also helps organisations to quantify business risks and align stakeholders on appropriate response strategies.

"Businesses face cyber cartels, and through our process, executives often realise that most attacks rely on social engineering," adds Kruger. "By constantly updating and conducting drills, organisations can strengthen their cyber security defences and maintain a state of preparedness."

Tests the effectiveness of your current controls and safeguards: How resistant are they against cyber threat actors and risks? Validating those controls from the adversary's perspective is key to determining if the solutions are correctly configured and if they work well together to create a defensible layer.

Identifies previously unidentified security gaps: Know what you don't know. The outcomes of the attack scenarios might highlight security gaps. This proactive approach demonstrates how gaps could be exploited and what countermeasures can be implemented.

Breaks down language barriers: Discussing different cyber attack scenarios with technical, management and even business executives creates a common language. Questions like: "If this happens, then what?" are asked and multiple perspectives help executives to understand the risks and the business better.

Pinpoints architectural security design flaws: Determining if the overall architecture is designed in terms of the ability to restrict threat actors' movement and manoeuvring abilities is vital. Having a strict architecture forces the adversary into an environment that is controlled by the business and allows for easier threat prevention, detection and response.

Prepares the business for different cyber attacks: Businesses often face cyber breaches, and crisis management unfolds. Communication channels are broken and incident response co-ordination is in complete chaos. Continuously simulating cyber attack scenarios helps organisations prepare. "Cyber drills" enhance technical controls, business communication and inter-organisational co-ordination. NEC XON Systems urges organisations to adopt a holistic approach and proactively address threats to stay one step ahead of cyber criminals.