The DRI scores an organization’s readiness to respond to cyberattacks and provides upskilling training. Credit: Shutterstock Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce's Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization's readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help teams to prepare for threats, it added. Strong and effective cyber readiness can be challenging for many organizations. The latest Cisco Cybersecurity Readiness Index, which ranks companies in four stages of cybersecurity readiness (beginner, formative, progressive, and mature), found that more than half of organizations fall into either the beginner or formative category, with only 15% in the mature stage. Identity management is recognized as the most critical area of concern with 58% of organizations either in the formative or beginner category, while 56% of organizations were at the lower end of the readiness spectrum for network protection. DRI ranks organizations' cybersecurity readiness on a scale of 1 to 5 The DRI pinpoints weaknesses in an organization's cybersecurity capabilities, enabling them to assess skills gaps and implement strategic recommendations to plug them, RangeForce said. It also informs senior management with objective metrics, providing visibility into the strength of their cybersecurity teams. The DRI ranks organizations on a scale of 1 to 5, each with its own set of controls and practices to provide visibility into where defensive teams stand in terms of competency against cyberattacks, RangeForce said. Furthermore, it provides insight into a team's mix of demonstrated skills, their capabilities to detect and disrupt threats, their ability to collaborate on investigations, where skill gaps exist, and the associated costs, it claimed. A roadmap helps companies focus on the skills needed to move up to the next level (or to remain at the same level as the threat landscape evolves over time) while assessment and reporting mechanisms are enhanced to help businesses measure progress. DRI incorporates US DoD, NATO cybersecurity training The DRI draws upon collaborative work with the US DoD and NATO. "NATO runs the largest international cybersecurity exercises in the world, and defends against nation-state level attacks," said Taavi Must, co-founder and CEO, RangeForce. "But we found - when it came to defense - even their teams needed to practice using real tools, in real time, under stressful conditions. We developed customized training to provide visibility into skills gaps, and to identify areas for improvement. Then we focused on scaling our platform, extending the same benefits to everyone with the launch of RangeForce. "Based on DRI results, teams are provided a curated training plan built from RangeForce's library of 1000-plus on-demand training modules," Tanner Howell, global director of solution engineering at RangeForce, tells CSO. "For example, let's say an organization is targeting a DRI level of 4. If, when they complete a team exercise at that DRI level, they are not able to appropriately deconstruct the malware to mitigate the threat, they will be given a curated training plan including RangeForce modules specifically focused on differing malware deconstruction techniques." Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe