In response to these needs, specialists of the Cyber Security Training Centre of Excellence organized the seminar CyberBEZPIECZNI (CyberSECURE), whose April edition is dedicated to the Heads of departments of communication, information technology and cyber security of the Ministry of National Defence. The guests were welcomed by the organizer of the event, Director Mr. Paweł DZIUBA. The words of introduction to the participants were addressed by Deputy Director of Cyber Security Department, Col. Sławomir Pepłoński and Deputy Commander of CDFCC (Cyber Defence Force Component Command), Col. Mariusz CHMIELEWSKI, who emphasized that the most engaging to the participants of the seminar are usually practical elements, relating to cyber hygiene and those related to the protection of own resources and digital identity.
During the seminar, the issues of organizational security were addressed through the study of real cases. Current trends and directions in the activities of APT criminal groups were indicated, as well as examples of data leaks, i.e. what information about the organization and its employees can be found online. During the seminar, the presenters discussed examples of using social engineering to attack an organization. Security incident response procedures and good practices for avoiding such attacks were also presented.
The topic of responsibility of individuals in an organization in the event of a security incident in ICT systems was also discussed. Organizations must create, ensure and operate a formal incident response capability. Current legislation requires that entities in the national cyber security system report incidents to one of three national-level CSIRT teams. The talk demonstrated the classification of incidents with an indication of the important role of incident response personnel to maintain security in an organization's ICT systems.
One of the speeches during the seminar was devoted to the CyberRANGE solution, which is a platform for designing, manufacturing and launching simulators enabling courses, training, research and practical testing of cyberspace operation competences. The presented solution is owned by CST CoE and is actively used, among others, for conducting trainings for cyber security teams. Each participant of such exercises or trainings can use an individual simulation environment with remote access privileges. CyberRANGE allows for launching simulators, which will consist of even several hundreds of virtual machines performing various functions and working under control of various operating systems, in various versions. The simulators can also communicate with physical devices, e.g. IoT or SCADA.
The last point of the seminar was a presentation of live attacks on network users and their mobile devices, as well as a phishing attack that imitated a login system to sample websites. A spoofing attack on user's mailbox and hacking into wireless networks were also presented. The practical part of the lecture allowed to properly show the dangers associated with the use of the network. Soon, the Cyber Security Training Centre of Excellence will hold further editions of the seminar and the CyberEXPERT conference, to which we cordially invite you.