Cyber resilience refers to an organization’s ability to keep operating when adverse events affecting IT systems occur. A traditional cybersecurity program is designed to protect against cyber threats by developing the ability to detect and respond to threats. A cyber-resilience program goes beyond protection and response. It expands the traditional scope to include keeping a business operating in a secure manner when experiencing adverse events.
According to the 2020 Cyber Resilient Organization Report, 67% of surveyed organizations said the number of cyberattacks had increased in the past 12 months with 64% saying the attacks were more severe. Over half of the respondents reported experiencing a data breach of more than 1,000 records within the last two years. The increase is not surprising given the uncertainty of 2020. Cybercriminals thrive under chaos as it disrupts standard operations, opening the door to more vulnerabilities.
Cybersecurity professionals have been advocating for a more offensive approach to security instead of the more traditional defensive posture. They are advocating a resilient mindset that prevents, detects, contains, and responds to cyber threats against applications, data, and infrastructure.
Building Cyber Resilience
Building cyber resilience takes a change in approach. It requires looking at what tools are available to prevent, detect, and contain possible threats. Resilience means having incident response plans in place to encourage consistency and collaboration for continuous improvement. The first step in any cyber-prevention program is enterprise-wide awareness. Everyone from the CEO down must understand their role in keeping a company secure.
A lack of collaboration among business continuity and cyber resilience teams can result in conflicting policies and procedures. A recent survey found that about 60% of resilience and security teams do not have a working relationship with others within the organization. They are often left creating plans and programs in a vacuum. Without a consistent approach to cyber activities, employees are left to respond as best they can.
Since most successful cyberattacks begin with human error, a closer working relationship is essential. For example, a user responds to a phishing attempt or a busy employee falls victim to a sophisticated BEC threat because they are unaware of possible threats. If employees are trained to look carefully at email addresses or to check with the sender of an email before clicking on a link, many attacks could be prevented.
Cybersecurity frameworks have been built around defensive prevention. Resources are deployed to protect everything within a corporate network; however, the need for remote work environments and the Internet of Things (IoT) has made it impossible to keep resources behind the corporate firewall. Preventing attacks needs to become more offensive. Organizations need to be detecting possible threats before they become incidents.
According to the cyber resilience report, over 50% of responding organizations measure resilience by the number of prevented cyberattacks. However, other metrics such as time to detection or containment may be a better indicator of resilience. For many organizations, their confidence in preventive measures may be the result of the deployment of more automated solutions to help with vulnerability assessment and configuration management. IBM’s 2020 Data Breach Report determined that organizations with an effective security automation deployment saved almost 40% in average data breach costs.
Time-to-detection is a strong indicator of resilience. The longer an intrusion goes undetected the more costly the containment, response, and recovery. Unfortunately, the number of security tools employed by a single organization complicates the process. Some organizations may have as many as 50 separate security technologies operating at one time. Many are stand-alone solutions that lack interoperability to reduce complexity.
Detecting a possible intrusion has little value if the organization cannot respond quickly and effectively. The more security tools an organization has, the more inefficient they become. According to the resiliency report organizations with more tools ranked consistently lower than those with fewer systems in terms of time-to-detect and contain an intrusion or breach.
Deploying automated solutions that can integrate across platforms and environments can improve visibility into applications, infrastructures, and data. They can reduce complexity and allow better decision-making when under duress. Testing these tools should be part of building resilience. The National Institute of Standards and Technology (NIST) recommends ongoing testing to improve security capabilities.
What happens once an intrusion is detected? For those organizations that have a plan in place, their ability to contain the incident is 35% higher than those without a plan. In addition to the plan, more resilient businesses prepare, practice, and test their policies to ensure that everyone knows exactly what is required.
More resilient companies have attack-specific plans in place that are reviewed and tested regularly. Containing a data breach is different from thwarting a ransomware attack. That’s why resilient organizations take the time to develop specific processes before an incident occurs. Formalizing playbooks that delineate containment procedures can reduce the time-to-detect and ultimately the cost to contain.
Automated tools that help with prevention and detection can also improve a team’s ability to contain and respond. Tools that enable analysts to respond quickly and accurately to possible intrusions result in better outcomes. Part of planning and testing is to improve the speed at which a response is created. Some experts refer to the process as reducing the OODA Loop. When an incident happens, the process known as Observe, Orient, Decide, and Act (OODA) should be as short and effective as possible. That is only possible when the process has been fine-tuned through practice.
Importance of Cyber Resilience
As business becomes more dependent on technology, it cannot treat cybersecurity as a technical issue. It is a business issue that impacts every aspect of an organization. Shifting the focus from security to resilience is a requirement for success. Companies need a change in mindset to develop partnerships among all stakeholders to withstand cyber threats and work towards resiliency.
Creating cyber resilience begins with a strong, collaborative culture where protecting applications, data, and infrastructure is highly valued. Organizations need to make smart investments in technologies that improve their security performance without adding unnecessary complexity to operations. They must ensure that planning and testing are performed regularly and results communicated, so improvements can be made.
Cyber resilience improves a company’s ability to detect and withstand a cyberattack. It builds an IT governance strategy to ensure complete and consistent data is available for making decisions. Working towards resiliency enhances the safety and security across all assets and strengthens data protection. It can reduce the impact of natural disasters and minimize the consequences of human error.
When looking at investing in automation, companies should select solutions that remove mundane and routine workflows from employees. Not only can technology perform such tasks more efficiently, but it can also free employees to become more creative in how to improve a company’s cyber resiliency.