In December 2017, three engineers at Boeing developed training tool which had never been invented before by other aerospace companies. This tool could simulate an in-flight cyberattack on a commercial airplane.
These simulations are not just a game but they are an essential part of risk management in Boeing’s case.
Most companies are not able to detect the vulnerability quickly. Even though the employees are trained to recognize threats, they still make the mistake to open an email created by a hacker. These emails look like they are from their colleagues or other contacts.
To avoid these threats and reduce the impact of the attack some companies are using simulation tools that can simulate real hacker attack into networks. They use programs that guess passwords, exploit weaknesses in improperly configured hardware that deceive the employees with fake emails.
Breach simulation technology that offers rapid, automation testing is a small but big growing niche that can reach 1 billion dollars by 2020. There is research showing that hackers are very well-prepared and equipped with superior technology.
Penetration testing is a way to determine weaknesses in an organization’s technology protection. Using this testing can trigger the employees to open sketchy emails or calls, usually executed by hackers. The goal of phishing emails is to fool recipients to click on links or open documents. That way, a company can evaluate the risk of potential vulnerability.
To make a test for a client a company working with cybersecurity simulated an innocent-sounding email about something relevant to the targeted employee’s work, tempting the employees to open the email. This email contained simulated malware that can get access to everything on a certain computer.
Usually, the above-mentioned penetration tests are difficult to scale in a big organization, as they don’t cover enough attack scenarios.
To prove that a penetration test can cover more attack scenarios team used automated attack tools that simulated breach tactics without the impact of real malware.
The simulations that are dealing with system vulnerability rather than human ones, can run in many places like cloud-based storage system or in firewall hardware. They can see what damages the malware can cause and whether the security controls are effective enough.
There should be a balance between security and productivity. In order to achieve this balance, the security defences should be placed deeper in the system, instead of targeting the employees.
A technique of defeating attacks in the safest way for a company is by searching for ways to stop them at many stages during the elimination of a breach or its lifecycle. They are doing that by segmenting critical data so it is difficult for attackers to get in.
Automation of security testing can make the work of the employees more secure and exterminate potential attack. A platform created by the team simulates real attack activities so the customers can find out if the security controls are working against the hackers and the platform can adjust the product aspects accordingly.
The goal is to make security solutions work harder and in the right way so that the employees no longer have to serve as security guards.
What we can provide
While some companies core service is to provide security upgrades to employees personal computer and internal digital infrastructures, at HTML24 we provide the same, in regards to our clients’ websites and web apps. For examples of this, consider reading our case on the trade union HOD or the Danish State Hospital – Rigshospitalet.
Are you looking for an agency to either build your website or to implement higher security? Don’t hesitate to contact us, in the field below.