The world's top athletes run agility courses.
From sprinting, to dodging cones, to jumping hurdles, this type of training determines strengths and weaknesses, and helps them chart growth over time.
It gives athletes a framework.
Well, researchers at the University of Texas at San Antonio just developed the cybersecurity equivalent.
Keeping score of cyber attackers
The UTSA researchers claim their framework can score the agility of both cyber attackers and defenders.
But what does "cyber agility" actually mean?
Jose Mireles, a researcher for the project, explains:
"Cyber agility isn't just about patching a security hole, it's about understanding what happens over time. Sometimes when you protect one vulnerability, you expose yourself to 10 others."
Shouhuai Xu, the professor who supervised the project, says the cyber framework "allows cyber defenders to test out numerous and varied responses to an attack," which has vast implications for improving cyber defense in the future.
"Using our framework," Mireles continued, "security professionals will recognize if they're getting beaten or doing a good job against an attacker."
Real-world applications: the GozNym cybercrime network
When we say attackers, who are we talking about?
The GozNym network is one example.
SecureWorld covered the story of a cybercrime network that managed to steal $100 million from 40,000 victims.
The U.S. Department of Justice and Europol revealed incredible details of a cybercrime network that was run like a business and made profits like one.
this revealing look at how the cybercrime network operated came from court documents in Pittsburgh, where the FBI was part of the investigation.
The U.S. Department of Justice also painted a picture of who could be a potential victim from a cybercrime cartel like this.
The answer is anyone. And any organization.
With an agility framework like the one developed at UTSA, cybersecurity professionals may be able to evaluate the agility of the threat and the agility of the response.
Read more about the framework at Phys.org.