The DRI scores an organization’s readiness to respond to cyberattacks and provides security upskilling training.

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help teams to prepare for threats, it added.

Strong and effective cyber readiness can be challenging for many organizations. The latest Cisco Cybersecurity Readiness Index, which ranks companies in four stages of cybersecurity readiness (beginner, formative, progressive, and mature), found that more than half of organizations fall into either the beginner or formative category, with only 15% in the mature stage. Identity management is recognized as the most critical area of concern with 58% of organizations either in the formative or beginner category, while 56% of organizations were at the lower end of the readiness spectrum for network protection.

DRI ranks organizations’ cybersecurity readiness on a scale of 1 to 5

The DRI pinpoints weaknesses in an organization’s cybersecurity capabilities, enabling them to assess skills gaps and implement strategic recommendations to plug them, RangeForce said. It also informs senior management with objective metrics, providing visibility into the strength of their cybersecurity teams.

The DRI ranks organizations on a scale of 1 to 5, each with its own set of controls and practices to provide visibility into where defensive teams stand in terms of competency against cyberattacks, RangeForce said. Furthermore, it provides insight into a team’s mix of demonstrated skills, their capabilities to detect and disrupt threats, their ability to collaborate on investigations, where skill gaps exist, and the associated costs, it claimed.

A roadmap helps companies focus on the skills needed to move up to the next level (or to remain at the same level as the threat landscape evolves over time) while assessment and reporting mechanisms are enhanced to help businesses measure progress.

DRI incorporates US DoD, NATO cybersecurity training

The DRI draws upon collaborative work with the US Department of Defense (DoD) and NATO. “NATO runs the largest international cybersecurity exercises in the world, and defends against nation-state level attacks,” said Taavi Must, co-founder and CEO, RangeForce. “But we found – when it came to defense – even their teams needed to practice using real tools, in real time, under stressful conditions. We developed customized training to provide visibility into skills gaps, and to identify areas for improvement. Then we focused on scaling our platform, extending the same benefits to everyone with the launch of RangeForce.

“Based on DRI results, teams are provided a curated training plan built from RangeForce’s library of 1000-plus on-demand training modules,” Tanner Howell, global director of solution engineering at RangeForce, tells CSO. “For example, let’s say an organization is targeting a DRI level of 4. If, when they complete a team exercise at that DRI level, they are not able to appropriately deconstruct the malware to mitigate the threat, they will be given a curated training plan including RangeForce modules specifically focused on differing malware deconstruction techniques.”

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security.

Copyright © 2023 IDG Communications, Inc.