Cybersecurity Roundup: Iran Cyberattacks, Cloud Range Cyber, Darktrace, Zix-AppRiver

By | Managed Services News

Jan 13

Successful companies are doing simulated attacks with their SOC teams monthly.

The threat of Iran turning to cyberattacks on the United States could pose additional challenges and create new opportunities for MSSPs and other cybersecurity providers.

Tom Kellermann, head cybersecurity strategist at VMware Carbon Black and former cybersecurity commissioner for President Obama, told GlobalData he anticipates “significant and at times very serious cyberwarfare activity from Iran over the next few weeks.”

“I do think that this will be prolonged, that the cyberattacks against the United States will be prolonged,” he said. “They will mimic more of an insurgency than one-off massive attacks due to the nature of which Iranians have successfully burrowed into numerous U.S. critical infrastructures over the past couple of years, specifically in energy, and that backdoor and that footprint on those systems has yet to be fully eliminated.”

Debbie Gordon, CEO of Cloud Range Cyber, tells us it’s certainly possible that there will be an increase in attacks.  There are specific industries that may be bigger targets, including financial, telecom and energy, especially with threats to critical infrastructure. Common threats may also focus on website defacement as well as attacks where data is deleted, she said.

So how can companies know if they have adequate protections in place?

Cloud Range Cyber's Debbie Gordon

Cloud Range Cyber’s Debbie Gordon

“Determine your security posture, including people, process and technology,” Gordon said. “Most companies focus too much on technology and overlook the other two. You don’t know what you don’t know; therefore, practice and see. Simulate cyberattacks in a protected environment using a cyber range ensures that everyone, from security analysts all the way to the CEO, know exactly what to do and how to do it. Traditional tabletop exercises are not enough; simulation needs to start before a threat is even detected.”

Successful companies are doing simulated attacks with their security operations center (SOC) teams once per month using different attack scenarios to ensure that they are prepared for any type of threat, whether it is ransomware, website defacement, man in the middle, or a SQL injection attack, she said. Additionally, given that there are unknown threat vectors, analysts need to practice critical thinking in order to be prepared for the unknown.

“Because of the growing threat landscape, MSSPs can focus on increasing their understanding of potential threats, by practicing detection response and remediation to the increasing threat landscape,” Gordon said. “New and persistent threats from state actors and others constantly challenge MSSPs with continuing to develop the skills of their blue team operators that are tasked with protecting and securing the assets of their customers. The more they can be prepared, the more confident their customers will be. MSSPs should practice realistic simulation exercises using a cyber range in order to practice detection response and remediation. In a simulated environment, they can measure improvements on detection and response times, which will give customers confidence that they are staying ahead of the increasing challenges.” 

Additionally, successful MSSPs should work with their customers to simulate the handoff depending on where the MSSP’s responsibility ends and the customer’s begins — in terms of response and remediation, she said. They should simulate the handoff and ensure that the response and remediation, if that is the customer’s responsibility, is also to practice closing the loop on the entire threat, she said.

Aside from having necessary technology and processes in place, the primary roadblock affecting most organizations continues to be the growing cybersecurity skills shortage and …

About the Author