As 2022 gets underway and organizations begin to execute on their plans for the new year, Shaun Walsh, Vice President of Marketing, and Kent Wilson, Director of Sales Engineering, had the opportunity to join ActualTech Media for a webcast to discuss managing risk, realities, and results in 2022.
The discussion covered a wide range of topics, including the challenges that lie ahead for businesses that continue to confront volatility in the cybersecurity landscape, the diverse role that cyber ranges can play in helping organizations to improve their security posture, and other cybersecurity predictions.
If you were unable to join the webcast or if you want a summary of the discussion to help shape your action plan for the months ahead, then we strongly encourage you to read on.
Cybersecurity Predictions and Challenges Ahead in 2022
Nearly two years into a public health crisis that has drastically altered business operations and in the midst of a dramatic increase in the scale and frequency of cyber attacks, the panelists discussed how cybersecurity leaders are facing some of their most significant challenges to date.
These challenges range from hiring and retaining qualified security professionals to balancing the operational and security-related needs of their business. Unfortunately, these challenges are made more complicated by the rapid increase in remote work arrangements in an increasingly global economy that has customers and employees connecting to applications at any time and from anywhere.
The Current Challenges for Cybersecurity Leaders: In Numbers
A quick snapshot of the current situation reveals the complexities that technology leaders face. The challenges can be summarized by a few eye-catching statistics discussed during the webcast:
- The global information security workforce gap stands at nearly 2.7 million heading into 2022.
- As cited in previous reports, 60 percent of data breaches are caused by a lack of patching of existing applications and systems (still relevant today).
- There was a 62 percent growth in ransomware attacks between 2020 and 2021.
- Share prices, on average, drop 22 percent after a ransomware attack.
The Rising Complexity of Security Technology Stacks
In addition to these challenges, security leaders are also beginning to grapple with the realization that both their current security technology stack and their organization’s attack surface are becoming increasingly more complex to manage.
In particular, 78 percent of organizations surveyed in one study noted that they had more than 16 security products in place. At the same time, the same study notes, 80 percent plan to consolidate their tools in the next three years.
As the SimSpace experts noted, these trends point to a two-sided challenge for security leaders: how to select the best security products to provide the right threat intelligence and protection while also identifying the most effective way to integrate and layer their defenses.
The Evolving Sophistication of Cyber Actors
As organizations rely more on connected systems, including operational technology (OT) and the Internet of Things (IoT), the webinar also touched on the fact that threat actors are taking advantage of the security gaps and vulnerabilities they find as these technologies are deployed.
While a lot of attention was paid to the ransomware that crippled the Colonial Pipeline’s fuel flow in the Southeast United States, larger forces were causing similar pain across all industries around the world.
In fact, according to one report, there was an increase of more than 130 percent in the number of attempted ransomware attacks in 2021. The average ransom also increased over the same time period, hitting $570,000, which is an increase of more than 80 percent.
Surprisingly, cyber actors were also able to launch 700 percent more IoT and OT-based attacks in 2021, demonstrating the ability of these criminals to evolve and adapt their tactics along with their targets.
The Growing Expectations for IT Security from Business Leaders
Finally, the webinar touched on the growing role that IT leaders play in organizations, outside of just enabling business operations.
For example, business leaders are continuing to link the role that effective cybersecurity has in protecting the trust in and legacy reputation of their brand. Similarly, in a time when there is increased scrutiny on budgets, IT leaders are being called upon to produce business cases for their security investments, including using tools and data to measure the return on investment (ROI) of their security stack.
How Security Leaders Can Help Turn the Cybersecurity Tide
There are no easy answers for cybersecurity leaders as they plan for 2022 and beyond. However, fortunately, the SimSpace experts did note that leaders have more tools at their disposal to help navigate these challenges.
One of the most versatile and effective of these tools is the cyber range.
Cyber ranges offer realistic emulations of live networks, including the hosts, users, and attackers that make them up, all in a virtualized space. In a cyber range, security professionals can work alone or as a team toward a wide array of objectives, all without exposing their production environment.
The Wide Array of Cyber Range Use Cases
During the webinar, the SimSpace team discussed the fact that cyber ranges have seemingly endless use cases, from testing the latest technologies against simulated attacks to performing foundational and advanced training, practicing incident response tactics, and experimenting with different security tool configurations.
Some of the examples provided show how cyber ranges can help organizations mature the security posture of their:
Teams
- Replicate actual attack situations in order to educate and measure team performance.
- Improve coordination of security controls and responses across the enterprise.
- Assess and measure individual and team professional development.
Technology
- Provide realistic methods to test existing and potential security tools.
- Dial in their security tool configurations and rules.
Processes
- Evaluate how well security policies protect organizational data and systems.
- Improve threat intelligence methods.
- Prepare for phishing attacks.
The Intuitive Management of Cyber Force Platform
The SimSpace team also provided a live demonstration of their platform during the webinar by replicating a small to medium-sized business’ infrastructure, complete with virtualized hosts organized into subnets to represent various departments. The SimSpace cyber range also makes it easy to set up network infrastructure, implement and configure security tools, and replicate potential attack vectors.
The SimSpace cyber range also provides:
- Built-in AI to mimic realistic elements, including user actions like clicking a link or browsing the internet
- A library of virtual machines of different operating systems and device types, including routers, servers, security tools, and network devices
- An intuitive management console that allows for easy setup and modification of the range environment as well as simulation event execution
- A library of training scenarios, red and blue team events, and actual cyber-attacks to put your security tools and teams to the test
Looking Ahead
The tactics, techniques, and procedures (TTP) that tomorrow’s cyber actors will use to target their next victims are hard to predict, but the versatility and realism of cyber ranges like SimSpace’s are already proven and ready to evolve with your team.
From providing customizable training and testing environments to offering teams the ability to refine their incident response plans, the peace of mind that comes with knowing your team will be able to respond when they see a new attack “for the second time” is a benefit that is hard to put a price on.
Is your organization ready to take the next step toward securing your business for years to come? Then we recommend that you check out the webinar and download our latest resource, The Comprehensive Guide to Cyber Ranges, now.
.svg)
.svg)
.svg)
.svg)