The following conclusions can be drawn based on the final results achieved by the participants.

Participants could assess their capabilities

It was not clear until the end of the exercise who would take the first place. Different teams were leading at different stages, which means that none of them could fully utilise the techniques at their disposal.

The exercise allowed the participants to identify their strengths and weaknesses. We hope that the received information will help them create plans for developing the necessary competencies and improve their results in the future.

Financial institutions and IT delivered the best results

Banks and companies from the IT industry demonstrated the highest resilience. Security assessment expertise in these sectors is quite well developed, with classic forensics and Threat Hunting widely applied.

Technical specialists are better prepared for investigation than for defence

27% of the teams had difficulties earning points in the first scenario, which allows us to conclude that some of the team members lacked or had insufficient expertise in security assessment and protection of web applications.

At the same time, all the participants were awarded points for the first round of the second scenario, which was indicative of each team having at least one expert competent in traditional forensics.

The Threat Hunting approach is uncharted for most organisations

21% of the teams could not earn a single point for the second round of the second scenario. We attribute this to Threat Hunting being a relatively novel approach and the majority of organisations lacking experience of applying its techniques. This creates the potential for developing teams and tools within the companies.

Threat Hunting is not an alternative to classic forensics, but we showed how this approach can supplement conventional methods.

More preparation — better result

The best results were predictably achieved by the teams who had asked many questions during the preparation and familiarised themselves with the new techniques and defences beforehand. We hope that our Cyber Polygon publications as well as other hosted events will increase future participants’ chances of succeeding and effectively countering cyberattacks.

Such events as Cyber Polygon already allow experts from participating organisations to increase their skills and draw the attention of a wider audience to the issues of cybersecurity.

We hope that the results and conclusions of this year’s training as well as the knowledge of invited experts will benefit the entire community and enable us to develop practical measures to improve global interaction in the fight against cybercrime.

The event consisted of two parallel tracks.

Live Stream

The conference featured global leaders and experts, including Mikhail Mishustin, Prime Minister of the Russian Federation, and Klaus Schwab, Founder and Executive Chairman, World Economic Forum as well as top officials from INTERPOL, ICANN, Visa, IBM, Sberbank, MTS and other organisations.

The experts addressed the latest trends and technological threats, shared their experience in creating cybersecurity ecosystems, talked about the transforming threat landscape and discussed the problem of fake news and how to discern misinformation on the Web.

Technical Training

The participants took the side of the Blue Team and worked on protecting their segments of the training infrastructure. The organisers from BI.ZONE represented the Red Team and simulated the attacks.

The exercise included two scenarios:

• First, the participants practised containing a massive cyberattack in real time.
• Then the teams had to investigate the identified incidents by applying traditional forensics as well as Threat Hunting.

The event was joined by state and law enforcement agencies, financial, educational and healthcare institutions, organisations from the IT, telecom, energy, metal, chemical, aerospace engineering and other industries.

In 2020, Cyber Polygon became a unique event combining two tracks:

• the world’s largest cybersecurity exercise for corporate technical teams
• an online conference featuring senior officials from international organisations and leading corporations

The central theme of the event was a ’digital pandemic’: how to prevent a crisis and to reinforce cybersecurity on all levels. Hence, Cyber Polygon 2020 aimed to:

• develop the teams’ competencies in repelling cyberattacks
• engage the management of global organisations and corporations in the cybersecurity dialogue
• raise public awareness in cybersecurity