Cybersecurity is more important than ever as cybercriminals have leveraged the disruption caused by the global pandemic to launch an increasing number of scams and cyberattacks against businesses and even individuals. To make matters worse, employees working from home are also more likely to make mistakes which can lead to serious cybersecurity repercussions for themselves or their organizations.
Cybersecurity training is the most effective way to help employees avoid falling victim to phishing emails and other online scams but the pandemic has made it difficult for organizations to properly train their employees.
To help organizations more easily conduct online cybersecurity training, Sberbank’s BI.ZONE created the Cyber Polygon initiative which just held its second annual conference last month. To learn more about the Cyber Polygon initiative and how its simulated attack scenarios were able to help businesses improve their cybersecurity posture, TechRadar Pro spoke with BI.ZONE’s CEO Dmitry Samartsev.
Can you tell us about the Cyber Polygon initiative and what it aims to achieve?
Cyber Polygon is an international online cybersecurity training. It is the official project of the World Economic Forum’s Shaping the Future of Cybersecurity and Digital Trust Platform and is also supported by INTERPOL.
The initiative is aimed at raising the global cyber resilience and the expansion of intersectoral cooperation against cyberthreats. The online exercise connects companies from different industries, international organisations, state and law enforcement agencies to train their competencies, exchange best practices and advance collaboration while responding to cyberattacks. Cyber Polygon is absolutely free of charge for all the participants.
In 2019 we organised the pilot training for the first time. Cyber Polygon 2020 soared to new heights. This year, 120 organisations from 29 countries took part in the technical training for cybersecurity specialists. Along with that we had a powerful live stream track featuring discussions and interviews with 20 high-level speakers. 5 million spectators from 57 countries watched it online. It showed that cybersecurity issue concerns more and more people all over the world, which is great given the scale of the existing threat.
What scenarios did this year’s participants take part in and what common attack types were simulated?
Cybersecurity exercises included two scenarios: Defence and Response. During the first scenario participants practiced repelling an active APT cyberattack. The teams’ goal was to protect their segment of the training infrastructure. According to scenario, BI.ZONE experts acted as the Red Team, exploited the vulnerabilities in the infrastructure and simulated cyberattacks on a business-critical service which processes confidential client information. The participants had to cope with the attack as fast as possible, minimise the amount of information stolen and maintain service availability. They could also fix vulnerabilities by improving the service code.
In the second scenario teams had to investigate the incident by first implementing classic forensic techniques and then with the use of threat hunting methods, specialists hunted the intruders in the infrastructure. Finally, participants practiced composing a dossier about the incident that in real life would help law enforcement agencies locate the cybercriminals.
Cyber Polygon became is the first training of such format and scale for corporate teams in the world.
Based on the results of last year’s scenarios (DDoS attack, web application attack, ransomware attack), what insights did your organization and participants gain?
The main conclusion that we made after the first Cyber Polygon was that practical training and cooperation in mitigating cyberattacks is highly effective. Regular training helps to develop competencies of technical specialists within the organisations: they learn new methods of response to attacks and each time cope with them faster. Cooperation plays a great role — during the training the participants exchanged data about the detected cyberthreats through the BI.ZONE ThreatVision platform, and this increased the speed of incident response by seven times.
Last year’s results demonstrated that we should keep going with Cyber Polygon. Cyberattacks can strike at any moment and we should be prepared. This year, we simulated a targeted attack aimed at stealing confidential data and thus resulting in damage to the company’s reputation. It allowed our participants to get through a crisis situation without any consequences to their organisations and to learn how to act should something similar happen in reality.
As a cyberattack may disrupt the work of the whole organisation the response to it should be practiced at all levels. The training must not involve only technical specialists but management as well. At Cyber Polygon 2020, we organised the live stream track for managers and non-technical specialists. It included discussions and interviews with high-level experts who shared their insights and best practices with the audience.
How did the transition from an in-person event to an online only event affect Cyber Polygon 2020?
Cyber Polygon was designed as an online event from the very beginning. That is why we didn’t really experience any difficulties with the organisation of the technical training.
However, there were certain challenges with the broadcast. Normally, Cyber Polygon goes together with the International Cybersecurity Congress that Sberbank Group organises every summer in Moscow. It is a very high-level event and the largest one about cybersecurity in the region, but we had to cancel it because of the pandemics — so the Cyber Polygon broadcast took its place.
Actually, I think we did a good job. Mikhail Mishustin, Prime Minister of the Russian Federation, Klaus Schwab, Founder and Executive Chairman, World Economic Forum, The Rt. Hon. Tony Blair, Prime Minister, Great Britain and Northern Ireland (1997-2007), Jürgen Stock, Secretary General, INTERPOL, leaders from IBM, Visa, ICANN and others joined the broadcast and shared their views, experience and best practices in cybersecurity, that are increasingly important in these difficult times.
This year BBC World News’ Nik Gowing and journalist Vladimir Pozner gave a presentation on fake news. Can you tell us a bit more about what they discussed and how businesses are working to combat the spread of disinformation online?
Digital communication channels make the spread of information easier and faster, and fake news proliferating globally becomes a serious problem. It is causing great damage to the world economy – the global losses from such information attacks amounted to $78 billion in 2019 and this amount is only going to rise. It is becoming harder and harder to distinguish real information from fake information.
Individuals spend more and more time on social networks getting most of their information and news there. So, companies such as Twitter or Facebook introduce certain measures to protect their clients and employees as governments do to protect their citizens.
Cybercriminals use disinformation in their attacks on business, making fake news one of the most powerful tools used to their advantage. Thus, in 2019 Tesla had to face several fake posts that went viral and made the company shares slip. Just one such incident may bring economic turmoil and jeopardise business.
To withstand informational attacks, companies need to develop crisis-management strategies, train for cyber crisis situations at all levels, monitor information about the brand on the Internet and exchange their cybersecurity data with the community.
The problem of disinformation on the Internet has become extremely relevant in recent years — that is why we included this discussion in the Cyber Polygon agenda.
What is a digital pandemic and what steps can businesses and organizations take to prevent one from happening?
A digital pandemic is quite a new term, but not such a new phenomenon. Under the digital pandemic we mean the global cyber crisis, which can occur given the rapid pace of global digitalization and insufficient focus on cybersecurity issues.
The COVID-19 outbreak sped up global digital transformation, opening up vast technological opportunities, but at the same time showed us that we should prepare for a possible cyber crisis. This year, businesses have been forced to adapt to the fast-paced environment and have become more dependent on digital communication channels than ever. The challenge has been further complicated by a surge in cybercrime amidst the pandemic. The risks of a digital pandemic have been recognised at the highest levels and it prompts us to raise the bar in terms of cybersecurity. Such global cyberthreats can only be defeated by the collaborative work of many stakeholders: businesses, governmental agencies, global organisations and leaders should come together to develop ideas, build trust, share best practices and information. And this is what Cyber Polygon aims to do.
What can we expect at Cyber Polygon 2021 and how will your organization begin preparing for next year’s event?
First of all, we hope that next year the epidemiological situation stabilizes, and we will be able to organise Cyber Polygon together with the annual offline International Cybersecurity Congress.
Now we are preparing the technical write-ups and a comprehensive report on this year training results to be presented at the World Economic Forum Annual Meeting on Cybersecurity in November 2020. Then, we will announce the concept of the next training.
We are now receiving very positive feedback from participants and spectators of Cyber Polygon 2020 together with their willingness to participate next year. So, we expect even more organisations to join Cyber Polygon 2021.
Based on the results of this year training we will do our best to make the next event even larger in scale, better in quality and deeper in practice and insights for participants.