Companies often praise their security teams for the hard work they do and the results they achieve in keeping the company efficient and secure. Amid all that positive feedback, there is concern among cyber leaders about a lack of confidence in or awareness of their teams' actual readiness to deal with cyber threats.
Cybersecurity is a complex and ever-changing field, requiring professionals to stay updated with the latest attack techniques, vulnerabilities and defensive strategies. In such a dynamic landscape, cyber leaders may question whether their teams possess the necessary skills to effectively combat emerging threats. However, staying informed about the latest threats and vulnerabilities is a daunting task, especially when considering the volume and complexity of information available.
That pops the question about how they should address these challenges. Well, cyber leaders need to take proactive measures and invest in continuous training and professional development programs for their teams to ensure their skills remain current and aligned with evolving threats. (Easier said than done, though, especially when they struggle to find that weakness in their team’s capabilities.)
To help organizations identify weaknesses in their teams’ cyber capabilities and address skills gaps to prevent or mitigate damage to their revenues and brand reputations, Immersive Labs launched its Immersive Labs Resilience Score.
Immersive Labs is a cybersecurity skills development platform that offers a unique and immersive learning experience for individuals and organizations. The platform focuses on providing hands-on, interactive cybersecurity training through a range of virtual labs and exercises.
The purpose of the score is to measure an organization’s workforce preparedness for cyberattacks and breaches based on Immersive Labs’ years of benchmarking data across industry verticals.
“There is a common misconception that teams’ cyber capabilities are not measurable, but advancements in cyber exercising give us new insights to predict risk and build vital cyber capabilities across the workforce,” said Paul Bentham, Chief Product Officer, Immersive Labs. “The new Immersive Labs Resilience Score demonstrates that resilience can be assessed, benchmarked and increased based on performance data.”
The score is a comprehensive assessment that gauges an organization's ability to effectively manage and respond to complex crises arising from cyber incidents. The score is derived from several key components, highlighting different aspects of cybersecurity preparedness.
Among the factors considered is the proficiency of executive and crisis management teams in making consistent decisions with confidence during high-pressure situations. This ensures that organizations can navigate intricate cyber crises while maintaining a strong and composed approach.
Collaboration and teamwork within cyber teams are also evaluated. The score emphasizes the ability of these teams to work together seamlessly, tackling challenging red-team and blue-team scenarios using real-world environments to foster an environment of collective problem-solving and enhances overall cyber defense capabilities.
To ensure competence in addressing emerging threats, the Resilience Score considers job role proficiency within cyber teams. By aligning task execution with new Common Vulnerabilities and Exposures and capabilities, organizations demonstrate their ability to stay ahead of evolving cyber risks.
The secure coding skills of developers are also assessed, emphasizing their capability to systematically reduce vulnerabilities in the Software Development Life Cycle. By proving their proficiency in secure coding practices, developers contribute to building a robust defense against potential breaches.
Cloud environments, which are critical for organizations, are not overlooked. The score recognizes the expertise of cloud engineers in identifying and rectifying common misconfigurations in real cloud environments. This ensures that organizations can maintain a secure and well-optimized cloud infrastructure.
Furthermore, the score acknowledges the significance of end users' security awareness levels. Organizations are evaluated on their ability to instill confidence in end users, enabling them to identify and report incidents promptly, as well as recognize potential business email compromise attempts.
The implementation of a proper security framework (such as the widely recognized MITRE ATT&CK framework) is another crucial aspect considered in the score. This ensures that organizations have comprehensive security coverage and a robust defense against a wide range of cyber threats.
Lastly, the score emphasizes the importance of regularly mapping teams and individuals to job skills while ensuring their technical abilities remain up to date. This ongoing commitment to skill development guarantees organizations can adapt to the evolving cybersecurity landscape effectively.
As organizations strive for stronger cybersecurity postures, the Immersive Labs Resilience Score, available to all customers beginning in late Q2 2023, serves as a benchmarking tool, driving continuous improvement in the face of evolving cyber risks.
Edited by
Alex Passett
