FINCSIRT

The Need for a Continuous & Practical Learning Process in Cyber Security

The financial services industry, whether on a global scale or within Sri Lanka, currently faces a major threat in securing its assets due to outbreaks of various cyber attacks. Whether these are simple ad hoc attacks or complex attacks that stretch across various other methods, the effort to secure the workplace is getting harder by the minute.

For the better part of the last decade, we have been trained to use various tools, specifically firewalls, IPS/IDS and SIEMs, to secure a corporate environment. We already spend millions of rupees on these services, and globally the figure easily surpasses billions. But are we secure after spending these amounts on high-tech equipment and services?

Even though Sri Lanka is a developing country, the technology we have is on par with that of European countries. But both of us face the same threat in today's world. Having a high-tech security arsenal will not get us to the next decade. We will need to invest in another set of assets that will take us there. Until Artificial Intelligence moves out of science fiction and becomes affordable without costing ‘an arm and a leg’, process automation in the information security domain is not as attractive as in other domains, because attackers are by design trying to break the normal process. Hence we need to be ready with our manual processes. Our human resources need to be empowered by experience of these attacks. That cannot be done through taught classroom training. During an attack, it is all about intuition and experience in handling a stressful scenario. To prepare our security personnel for this adrenaline rush, conventional training is not enough. That is why Cyber War-games exist.

Cyber War Games started as joint military exercises within the US or European countries. They have been conducted for the last decade in those domains as a means of preparing militaries and agencies for the conditions that they are likely to encounter in service. This exercise is now showing increased value in the corporate sector, as cyber security readiness verification is quickly becoming part of the organizational security arsenal. Having a plethora of security tools and processes does not mean you are ready for incoming threats. The real test for the organization is to subject all your tools and personnel to a stress-testing environment such as a Cyber War-game.

The Cyber War-game is a simulation of a prolonged and persistent attack in several multifaceted phases over an extended duration. The idea is to mobilize an organization's defensive capability throughout the attack as it continuously escalates. Generally the simulation consists of complex scenarios that require multiple roles to interact with each other and to use the various available tools and processes to react to the ongoing attack. The scenario is designed to stress test and evaluate how your organization responds to a realistic cyber attack. It evaluates in depth the technology, the processes and procedures, and human readiness throughout the phases of identification, defense and recovery. By design, the simulation is not a dumbed-down version of a training exercise in which the attack relies on an unrealistic vulnerability. The simulation is run in a realistically secured environment, monitored by realistic monitoring tools, with specialized staff available. Contrary to the popular belief that it will train your staff, it evaluates your readiness and exposes you to a more realistic, complex attack of the kind you will encounter one day.

In Southeast Asian countries, these exercises are generally conducted as specialized training exercises by multinational corporations such as CISCO, RSA and Deloitte for their elite customer base. In the Sri Lankan context, there is not a single reference to a public cyber war-game that we are aware of. As FINCSIRT, we are always looking for gaps in the Sri Lankan financial services industry that no other party fills. Various training and security drills are available to financial organizations through commercial parties. These drills tend to prepare personnel to face a much more complex attack. This time, we intend to take the cyber security preparedness of the Sri Lankan financial sector to the next level of evaluation. In collaboration with Sri Lanka CERT | CC, FINCSIRT hosted Sri Lanka's first ever Cyber War-Games as a national initiative for all its members on 25th July 2017 at Hilton Residencies, Colombo. The event immediately became one of the most sought-after events in the FINCSIRT annual calendar and was successful in every way.

As the Computer Security Incident Response Team (FINCSIRT) that focuses on the Sri Lankan financial sector, it is our duty to prepare, evaluate and safeguard the Sri Lankan financial sector against any complex attack that may occur. While we as FINCSIRT will continue to engage with the sector through these events, it is each and every institution's responsibility to make sure its staff are trained in these simulations throughout the year. You could start organizing internal simulations to test your readiness. Having a set of tools is not enough if the staff are not equipped to handle them in the required time under the pressure that builds up in an actual incident. “Your friends will believe in your potential, your enemies will make you live up to it.”