A cyber breach can be a terrible thing for any company to go through, with significant impacts such as halted production, reputational damage, regulatory fines and threats to operational viability. The cost of a breach is often in the millions, as highlighted in IBM’s recent report detailing average breach costs across industry verticals. Data breach prevention measures exist, but organisations often do not invest in them sufficiently to prevent the worst-case scenarios from developing.
In this blog post, we’ll take a look at the true cost of a data breach and identify how objective based testing can help organisations to reduce their risk.
What is the average cost of a data breach?
Figure 1 - Source – IBM Cost of Data Breach Report 2020
The data from the IBM report shows that the most significant costs from a data breach are felt by the healthcare sector, at $7.5 million. As the healthcare sector begins to incorporate more technology into methods of care, patients’ sensitive data becomes more readily available through a number of interconnected devices. Therefore, it’s no surprise that this industry sees the most damage.
Ransomware – a top contributor to cyber-attacks
Today we are seeing a significant rise in ransomware. Threat actors aren’t just impacting the confidentiality and integrity of data; instead, they are pivoting into ransomware scenarios, looking for a quick win.
Ransomware has been on the rise with more sophisticated groups starting to participate. No longer do groups only deploy ransomware on singular endpoints. They instead focus on privilege escalation, lateral movement and significant compromise of business assets, resulting in an increased likelihood of pay-out.
The damage of ransomware attacks:
- In 2019, global ransomware attacks were estimated at one every 14 seconds
- In 2019, global damage costs were estimated at $11.5 billion
- Damages are not only limited to ransom payouts
- Cybercrime will likely cost the world in excess of $6 trillion annually by 2021
The first step for any company defending against today’s threats is to make sure that its critical systems or datasets are appropriately protected, while understanding the threats it faces and its digital footprint.
What is Objective Based Testing?
Objective Based Testing is an exercise designed to increase cyber resilience by simulating common threat actor tactics. It essentially tests whether your technical controls are effective and commensurate with current attacks and threats.
Unlike Red Teaming, the exercise is announced and focuses on impact, rather than stealth, by testing if technical controls can be bypassed to access critical datasets or assets. The testing will utilise common threat actor tooling and tactics to simulate the methods being used in everyday breaches.
How does Objective Based Testing work?
Starting with an assumed breach, the team carrying out the test will introduce Command and Control (C2) over a workstation or endpoint before navigating the environment in pursuit of pre-agreed objectives.
Key milestones of the process include:
- Digital Attack Surface Assessment
- Announced testing of the live environment
- Focused on impact, not stealth
- Thorough testing of technical controls
- Starts as an assumed breach
- Targets pre-agreed objectives
- Details likely impact of a breach
Do you know when bad things are happening in your environment and how to respond? This is normally a question answered by Red Teaming (exercising the blue team). However, because Objective Based Testing is completely announced, the testing team can work collaboratively after the exercise to ascertain context from your current defensive toolset. A short workshop will look to detail specific key actions and whether or not the defensive tooling was able to spot the actions at the time of execution. This context will provide a clearer picture of a company’s defences to enhance reporting of any outcomes, resulting in greater cyber maturity for the organisation.
Nettitude’s approach to Objective Based Testing
Nettitude’s service offering focuses on providing context and insight into an organisation’s security posture. We do this by testing the effectiveness of current technical controls through the simulation of TTPs associated with real-world threat actors, in alignment with the MITRE ATT&CK matrix, to improve the organisation’s cyber maturity.
To align this to real and likely tactics, without requiring a full threat assessment, Nettitude will utilise in-house sector-specific intelligence to drive the simulation. The services Nettitude offer are designed to deliver cybersecurity propositions which stay abreast of the evolving cybersecurity landscape through a mature and programmatic approach to guide, build and improve upon existing cybersecurity programmes.
The services help shape and build that effective programme, bringing people, processes, and technology together to address these three fundamental pillars of cybersecurity. To achieve cybersecurity resiliency and maturity, your organisation must be prioritising its cybersecurity risks, enabling cost-effective focus on the activities that are core to the business to ensure effective cyber resilience.
Overall, Nettitude specialise in helping you demystify the current and emerging threat landscape and effectively manage cyber-risk within your organisation, making it more cyber resilient.
If you’d like to find out more about how Nettitude can make your organisation cyber resilient, contact us today.