In today’s cybersecurity threat landscape, there are many issues that businesses are facing, especially given the fact that the remote workforce is going to be more or less a permanent fixture now in corporate America. Many CISOs and CIOs alike are concerned about the next security breach that could potentially impact their organization. One of their biggest fears is how quickly they can bounce back from a breach and face the future. This is also referred to as “Cyber Resiliency.”
What Is Cyber Resiliency?
A good, technical definition is, “Cyber resiliency is the ability of an organization to prepare, respond, and recover when cyberattacks happen.”*
Its Main Components
Cyber Resiliency has three main subcomponents to give a company the ability to trigger back up to a normal business flow ASAP. These are:
- Prepare: This involves the Incident Response (IR) plan. This document must clearly specify the key steps as to how your business will respond to a threat variant once it has been detected. Most importantly, it must establish a clear line of communication in order for a rapid response to occur, as well as determine who is responsible for carrying out each part of the plan.
- Respond: While the IR plan can play a role here, this part is more dedicated to the Disaster Recovery (DR) plan. This is yet another crucial document that spells out how you will restore mission-critical operations after you have been impacted. It is important to keep in mind that the moment you suffer any downtime, you will start to lose revenue, and potentially, customers. The longer the downtime, the more damage you will suffer, so you need to be back up and running within just a few hours. The DR plan only addresses the restoration of those processes that are most important to your business.
- Recover: This is where the Business Continuity (BC) plan is most important. This document addresses how the rest of your processes and operations will be brought back up, once the most important ones have been taken care of. This plan also includes how you will recover over the long term, especially with regards to winning back lost customers and restoring any brand and reputational damage.
The thinking is that Cyber Resiliency often takes place in the recovery stage. While this is true, it is also heavily dependent upon how well you prepare and respond. After all, if any of these pieces fall through the cracks, your ability to become resilient will take a much longer time to achieve.
How Can a Business Achieve Cyber Resiliency?
There are numerous ways, but the following are among the most important:
Always address the basics. What it all comes down to in the end is that you must constantly address the needs of your IT and network infrastructures. For example, if software patches and other upgrades are necessary, then make sure that you schedule the time to do them, and make sure they are deployed properly. If you are impacted by a security breach and it was later discovered that this could have been mitigated by keeping up to date and you weren’t, you may have to start all the way from the beginning to install all of the patches again, before you can resume normal operations. Make sure that the rights, privileges, and permissions that you have assigned to your employees are also up to date, and that no one is getting more than what they absolutely need. For instance, if an employee leaves for whatever reason, make sure you have the protocols in place to delete them to avoid the chance of an insider attack.
Maintain a good level of cyber hygiene. Everybody in your company, all the way from the very top to the bottom, needs to know what to do to keep your digital and physical assets safe from any threat variant reaching it. A big part of this lies in delivering security training on a regular basis to all your employees. This will lead to having a sense of urgency and proactiveness. If you have this in place and you are subsequently hit by a cyberattack, you will have a much greater chance of being able to bounce back quicker or become resilient, in the long term.
Make use of the cloud. Businesses today more fully understand how using the cloud makes them more Cyber Resilient. It can take a great deal of time to make sure that any devices you provide to your employees are fully compliant with your Security Policy, and that they have the latest protective mechanisms installed on them. But, if you have deployed your entire IT and network infrastructure into a platform like Amazon Web Services (AWS®) or Microsoft Azure®, you will not have to be concerned about this at all. For example, you can instantly create virtual machines (VMs) and virtual desktops (VDs) that already have the latest security features installed in them, and that you can make available as necessary by the cloud provider. Your employees will be able to access any applications in them in just a matter of minutes, without having to scramble around to get their company-issued devices up and running.
Break up your infrastructures into smaller components. Many businesses, especially the SMBs, tend to leave their entire IT and network spheres as one entity. While this can be easier to maintain, it is also a very poor security practice. If a cyberattacker can break through that single entity, they can move very quickly in a lateral fashion, causing even more damage. But if you were to segment those spheres into smaller components (such as subnets) with each having its own layer of defense, then the statistical odds of this happening are much lower. If you do face a security breach, you will only have to bring up those segments that have been impacted, thus further improving your ability to rebound, or your level of Cyber Resiliency.
*Additional source: https://blog.rsisecurity.com/what-is-cyber-resilience-and-why-is-it-important/