Marietta, GA (PRWEB) March 06, 2014
A report released this week details the large-scale cyber attack simulation that took place in Atlanta last week. The simulation, which was produced by the Technology Association of Georgia (TAG) and hosted by General James B. Butterworth, Adjunct General of the Georgia National Guard, exposed vulnerabilities companies have in protecting critical data, and in the real-time decision-making that happens during actual cyber attacks. Abacus Solutions Security Architect Jeff Jones played a key role as leader of one of the seven teams that attacked the fictitious business called The Logistics Company.
The seven attacks included five cyber attacks, one physical attack and a non-technical social engineering attack. Jones says he was “excited for companies to be able to see how real attacks might unfold since most breaches are not publicized, and details that might help other companies are rarely disclosed.”
“It is standard protocol for security professionals to sign Non-Disclosure Agreements (NDAs) with clients. This is understandable because no company wants to expose its weaknesses. But since security professionals are not allowed to talk about real events, how can companies learn how to defend against them?” said Jones. “This event helps company executives and business owners see not just their areas of vulnerability, but how they might perform during a live attack, which entails the company reacting and making decisions during highly stressful and fluid circumstances.”
The simulation included representatives from the FBI, GBI, Cobb County Police Department and Cobb County 911, as well as C-level executives, senior managers, security practitioners and others. Approximately 250 spectators watched the action unfold at Clay National Guard Center and at over a dozen locations around the world via digital video streaming on the day Governor Nathan Deal declared as Business Cybersecurity Day in Georgia.
Key take-a-ways from the event include:
- Everyone plays a role in security: from the CEO/President to contractors, delivery people and employees. Attackers will always go after the weakest link in the chain.
- The company policy defines the business. It should be enforced, reviewed and known by everyone in the company.
- You are never going to be completely protected. Decide the best risk mitigation vs. cost model for the business and be consistent.
- There should be clear lines of how, what and when to communicate to the entire corporate ecosystem (employees, stockholders, news agencies, public, suppliers, etc.).
- Businesses need to be aware of the interdependence of current security threats to their businesses, national security, and prosperity. Many cybersecurity attacks are just automated criminality, but an increasing number of attacks are threatening our way of life and national identity.
Public cybersecurity simulations are the brain child of Jim Cavanagh, founder of Cyber Exercises. Just like military exercises, cyber exercises allow red teams and blue teams to spar with each other in a safe environment while honing their skills for the real event and it teaches participants how to deal with the unexpected.
“Security is done behind closed doors. I wanted to bring it into the light so that companies could learn about attack methodology and response pitfalls in order to be better prepared to fight a cyber attack. Simulated attacks are becoming a frequent strategy that large companies employ to test their preparedness. But even large companies aren’t always sure how to organize simulated ‘disasters’ that accurately and effectively test preparedness,” said Cavanagh.
Cavanagh cited the thorough and realistically diabolical strategy Jones and his team used during the attack. “Jeff put his 16 years of cyber defense skills and deep technical knowledge about cybersecurity into designing and executing a well-planned and completely realistic attack. Jeff successfully penetrated the defenses of the cyber defenders and he and his team exposed security gaps in key areas common to many businesses and personal computing, as well” said Cavanagh.
Jones said he knew his team had hit the mark when a spectator at the event told him that his fictional attack was very similar to an event that happened to his company.
“I appreciated the opportunity to work with TAG and with Jim Cavanagh on this simulation exercise and my hope is that this event helps companies understand key places where they are vulnerable. I also hope the attack underscores the importance of how security policy, implementation, and testing should be woven into the fabric of hardware, software, and human behavior of companies.”
Abacus Solutions is one of the fastest growing IT solutions and technology providers in the Southeast. Our growth is fueled by our focus on bringing together technology, services, and engineering expertise to simplify and improve the business operations of our clients. We specialize in Cloud Services and Virtualization, Networking and Security, Storage and Archiving, Business Continuity, and Disaster Recovery. We partner with dozens of leading manufacturers and have an extensive inventory of new and refurbished gear. We combine our technology reach with a combination of professional services, design, maintenance, and managed services, to deliver impartial technology solutions for our diverse clients. For more information on our security services, please visit us online at http://www.abacusllc.com/Professional-Services/Consulting-Services/Information-Security-Governance.aspx.
About Cyber Exercises
Cyber Exercises is a Georgia-based global company that writes fictional but realistic scenarios for a variety of enterprise, government and military organizations. Cyber Exercises can develop cybersecurity scenarios from scratch or can add a cyber component to other exercises. Cyber Exercises principals are credentialed by the Department of Homeland Security under the Homeland Security Exercise Evaluation Program and work with scenarios that have ranged from cybersecurity to infrastructure to floods, hurricanes and other natural disasters.
The Technology Association of Georgia (TAG) is the leading technology industry association in the state, serving more than 22,000 members and hosting over 200 events each year. TAG serves as an umbrella organization for 34 industry societies, each of which provides rich content for TAG constituents. TAG’s mission is to educate, promote, and unite Georgia’s technology community to foster an innovative and connected marketplace that stimulates and enhances a tech-based economy. For more information visit http://www.tagonline.org.