Getting your Trinity Audio player ready...
|
Let’s say, for argument’s sake, that you feel pretty good about your security posture. You’re working with several excellent vendors, you have a strong cybersecurity awareness training initiative in place, and you’ve done the necessary legwork to encourage a culture of cybersecurity. All in all, you’re pretty confident in your defenses, but you haven’t actually tested them yet.
There’s an old saying that comes to mind: “No plan survives first contact with the enemy.”
It’s all well and good to have security processes and tools in place, but that’s only half of what you need to do. You also need to see if everything holds together under fire. That includes your employees.
How do you know if they’ve everything they need to respond to a large-scale cyberattack? It’s not like you can just have them experience one, right? Actually, you can — all you need is a contextualized learning program.
Also known as contextualized learning, contextualized training is an approach to learning and development that reinforces training content with hands-on tasks. Contextualized learning materials are usually delivered via a specialized virtual platform known as a contextualized lab. Where cybersecurity is concerned, this could take the form of any number of simulated cyberattacks or incidents.
A contextual lab is a specialized virtual space where learners can get hands-on experience with a concept or topic. Contextual labs in cybersecurity usually take the form of cyber ranges, complex platforms designed to simulate a business’s real-world network. In addition to incorporating a learning management system (LMS) for progress and performance tracking, curricula, and assessments, a cyber range usually encompasses the same components as any virtual lab:
It’s important to note that cyber ranges are far from the only type of contextual lab. Nor do you have to use a virtual lab exclusively for cybersecurity simulations. Other potential use cases include:
Now to the big question. Why use contextualized labs for cybersecurity training? And more importantly, why use them to specifically simulate a large-scale cyberattack?
Let’s say there’s a threat actor who’s been targeting organizations in your industry with a very specific set of tactics, techniques, and procedures (TTP). An attack from this hacker or group of hackers always begins with a phishing email sent a few months prior to the actual operation. Once they gain access, they spend some time familiarizing themselves with the network, including where sensitive assets are stored.
When it’s finally time to strike, they hit the business from multiple angles. They start with a DDOS attack to cover their data exfiltration. Then, once they’ve made off with the data they came to steal, they release a nasty piece of ransomware onto the target business’s network.
While you can simulate a phishing email without much risk to your infrastructure and business operations, the other stuff is…less feasible outside a virtual environment. You can’t really test your defenses against a ransomware attack by just installing ransomware onto a PC in your office, after all. If those defenses fail, you’ve potentially bricked your entire organization.
What you can do, though, is create a contextualized lab in which your security team is provided with all the tools and systems they’d have access to in your real ecosystem. You can then release the malicious software into this simulated environment without any risk of an outbreak. Better yet, by using a contextualized lab, you’ll have access to comprehensive data on how your team responded to the outbreak.
So not only are you providing real-world, hands-on experience managing a large-scale cyberattack, you’re also giving yourself insight into any weaknesses or blind spots with which your team might struggle. You can then use these insights to improve your cybersecurity in anticipation of a real cyberattack.
In today’s threat landscape, it’s not a question of if you’ll be the target of a cyberattack. It’s a matter of when. You need to be prepared for the worst-case scenario. After all, it’s a lot better to prepare for a major cyber incident that doesn’t happen than to be hit by one that you didn’t expect.
Not only that, your security team will appreciate the ability to prepare. You’ll be giving them a chance to familiarize themselves with your security tools in a way that simply wouldn’t be possible otherwise. The knowledge that they’ll know what to do in the event of an incident will also help a great deal in reducing stress — for them as well as you.
We spent a lot of time talking about cybersecurity today. Now that you’ve got a general idea of how hands-on training and contextualized labs can help your security team, let’s broaden our scope. We recommend having a look at 3 Reasons Why Hands-on Training is Hands-down Better Than Passive Learning.If you’re interested in learning more after that, check out the glossary entries for Adaptive Learning and Learner Experience.