What are some of the challenges in assessing cyber threat susceptibility?
Penetration Testing is probably the most well-known and most used method for assessing threat susceptibility. These human-driven assessments can be very effective, but the results are a snapshot in time. The organization’s attack surface and the cyber threat landscape are constantly changing and evolving. This means the snapshot provided by the annual penetration test can become dated quickly and lose value. The quality of the assessment results also depends on the skills and experience of the assessment team.
Breach & Attack Simulation has been gaining market traction over the past several years. These solutions mainly assume the breach has already happened in order to test an organization’s detection and response security controls. Many Breach & Attack Simulation solutions offer little to no assessment of the preventative controls designed to avoid the threat, since the aim is to simulate the breach and test the organization’s ability to withstand the attack. Breach & Attack Simulation solutions are aimed more at testing an organization’s vulnerability than its susceptibility to cyber threats.
Cyber threat susceptibility is the inability to avoid cyber threats, vulnerability is the inability to withstand cyber threats, and resilience is the ability to withstand cyber threats. As you decrease an organization’s vulnerability from missing security controls, misconfigurations, and software defects, you simultaneously increase the organization’s resilience.
For both Penetration Testing and Breach & Attack Simulation, assessing critical business assets might be limited based on the rules of engagement of the assessment. Organizations can be reluctant to let auditors and assessors test security controls or even access critical business assets as part of the assessment for fear that doing the assessment itself could cause some impact on the business. This can create blind spots in threat, vulnerability, and security assessments that introduce unknowns into the assessment results.
A better approach to threat susceptibility assessments would be to use emerging Intelligent Cyber Digital Twin technology where you can create a virtual duplicate of the organization’s attack surface. An intelligent cyber digital twin can be kept up to date as the attack surface and the threat landscape evolve over time. Organizations can use the intelligent cyber digital twin to continuously assess the threat susceptibility of their attack surface to adversary TTPs in order to prioritize the most critical risk responses from patching software vulnerabilities to implementing security controls.
Although digital twins started in the manufacturing industry, more companies are now beginning to use them for cybersecurity. Why? Digital twins can run through hundreds of millions of different scenarios. Because artificial intelligence analyzes the different outcomes, you can see where you need to improve.
Using intelligent cyber digital twins supports approaches like Monte Carlo Simulations for the identified attack path scenarios created during cyber threat susceptibility assessments. You can run millions of cyber attacks in the intelligent cyber digital twins without impacting the critical business assets because you’re attacking their doppelgangers.
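The following added example (not from the original article or any vendor product) shows a Monte Carlo run over attack paths in a small modeled attack surface. It estimates how often a simulated intrusion reaches a critical asset and ranks which preventive control is most worth hardening. The node names, edge probabilities, and function names are constructed assumptions.

```python
import random
from collections import deque

# Constructed model of a twin's attack surface: each edge is one attack step,
# weighted by the assumed probability that its preventive control fails.
EDGES = {
    ("internet", "web"): 0.6,
    ("internet", "vpn"): 0.3,
    ("web", "app"): 0.5,
    ("vpn", "app"): 0.7,
    ("app", "db"): 0.4,
}

def reached(open_edges, source, target):
    """Breadth-first search over the steps that succeeded in one trial."""
    seen, queue = {source}, deque([source])
    while queue:
        node = queue.popleft()
        if node == target:
            return True
        for src, dst in open_edges:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return False

def susceptibility(edges, source, target, trials=20000, seed=1):
    """Fraction of simulated intrusions in which target is reached."""
    rng = random.Random(seed)  # fixed seed keeps runs comparable
    hits = 0
    for _ in range(trials):
        open_edges = [e for e, p in edges.items() if rng.random() < p]
        hits += reached(open_edges, source, target)
    return hits / trials

def rank_hardening(edges, source, target, factor=0.5, **kw):
    """Rank edges by how much scaling their failure rate cuts susceptibility."""
    base = susceptibility(edges, source, target, **kw)
    ranked = []
    for edge, p in edges.items():
        hardened = dict(edges)
        hardened[edge] = p * factor
        ranked.append((base - susceptibility(hardened, source, target, **kw), edge))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    print("susceptibility:", susceptibility(EDGES, "internet", "db"))
    for gain, edge in rank_hardening(EDGES, "internet", "db"):
        print(f"{edge[0]} -> {edge[1]}: reduction {gain:.4f}")
```

Because every run reuses the same seed, the baseline and each hardened variant see identical random draws, so the ranking reflects the control change rather than sampling noise.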
Before, the only way to test out your systems in this manner was to have someone (either on your team or outsourced) try to breach the systems as part of a penetration test, which is expensive and time-consuming. With threats and tools always emerging, this method meant a longer risk detection and response time. Intelligent cyber digital twins allow you to both detect issues and devise an effective defense much faster.
According to Accenture, intelligent cyber digital twins have the potential to revolutionize cybersecurity through three key actions: fortify, extend, and reinvent.
- Fortify: Doubling down on existing defenses
- Extend: Making security better and broader
- Reinvent: Preparing for tomorrow
Accenture also reported that 85% of security officers agree that AI combined with digital twins will allow their organizations to scale up defenses and situational awareness in ways that are not otherwise possible.
When used as a sandbox for cyber threat susceptibility assessments, intelligent cyber digital twins provide a helpful way to understand attackers’ mindsets, plausible TTPs, and their impact on the business, showing what security looks like from an attacker’s point of view.
This type of intelligent cyber digital twin use case can help companies get better at predicting where hackers will strike, how the attack will unfold, and how damaging it will be by simulating risks in an environment that mirrors the real-world cyber ecosystem of the organization. With this type of actionable knowledge, organizations can take targeted action to reduce the likelihood and impact of cyber attacks while also staying one step ahead of would-be attackers.