What is cyber resilience and how to improve it

What Is Cyber Resilience

Cyber resilience is the ability of an enterprise to limit the impact of security incidents by deploying and optimizing appropriate security tools and processes. Cyber resilience also includes the organization’s ability to continuously strengthen their overall cyber defenses in the face of adverse cyber threats.

Attributes of cyber resilience are:

• Aligning information security, business continuity, and organizational adaptability.
• Protecting the enterprise against anything that will negatively impact the availability, integrity, or confidentiality of networked IT systems and associated information and services.
• Developing and enabling security teams that are hyper-aware, hyper-vigilant, and hyper-capable of keeping the organization safe.
• Preparing for, responding to, and recovering from cyber threats in a timely fashion with minimal disruption of operations.
• Being able to adapt to known and unknown crises, threats, adversities, and challenges.

NIST (National Institute of Standards and Technology) defines cyber resilience as:

The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.

Why Cyber Resilience Is Important

• The number of cyber-attacks and their business impact has grown significantly in recent years, with more than half(58%) of small businesses reporting having suffered a data breach.Report
• Breaches result in financial loss, business disruptions, damage to reputations, and regulatory actions. 2021 had the highest average data breach costs, rising from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of the report.
• Early detection and quick recovery allow organizations to mitigate risk and impacts, enabling continuous business operations.
• Ubiquitous connectivity has dissolved network perimeters and spread applications across many cloud-based systems, which have stretched IT security resources and significantly increased cyber risks.

Cybersecurity breaches are no longer a question of “if” but “when.”

Challenges to Achieving Cyber Resilience

Achieving cyber resilience is challenging because enterprises lack real-time visibility of the security posture associated with their IT assets and infrastructure in light of the rapid evolution of networks and changing threat landscape. They often don’t know what assets they have to protect, where and how they could be breached, and whether adequate security controls are in place. If controls are in place, security teams aren’t confident that they’ll be effective against different types of threats. Time is another factor. In most instances, security teams aren’t able to respond to threats in a timely manner as many risk identification and mitigation processes are still manual.

Ten Benefits of Cyber Resilience

1. Blocks threats from entering an organization’s systems
2. Brings internal processes to a higher level by engaging an entire organization in the roles and importance of security
3. Enhances overall security with strategies for improving IT governance, increasing data protection efforts, minimizing the impact of natural disasters, and reducing human error
4. Focuses scarce IT and security resources where they will provide the most value
5. Generates more trust across customer, partner, and vendor ecosystems
6. Improves compliance with government and industry regulations
7. Keeps sensitive data safe
8. Maintains business continuity in the event of a cyber incident by minimizing downtime
9. Optimizes the daily operations of an organization’s IT department by improving their ability to respond to threats and ensuring day-to-day operations are running smoothly
10. Reduces financial losses and reputational damages

Key Steps to Improve Cyber Resilience

Cyber resilience is not a monolithic update. It consists of multiple steps with many iterations. Among the steps an organization can take to improve cyber resilience are the following.

Achieve continuous visibility across your entire environment
The first step to cyber-resilience is to have visibility into an organization’s cybersecurity posture which starts with identifying all IT assets tied to the organization and knowing which IT assets are at risk. This includes having business context about these assets as well as any associated vulnerabilities and risks. Cyber risk quantification dashboards provide visibility into an organization’s risks in monetary terms. This allows stakeholders to prioritize risk mitigation actions based on business impact. Dashboards also provide visibility into the effectiveness of security controls.

Elevate cyber resilience to be a board-level issue

As with cybersecurity, cyber resilience requires significant investments in budgets and people. Educating an organization’s board of directors about breach risk and cyber-resilience helps get their buy-in for the overall objective and budget required to reduce breach risk by improving cyber resilience. It is helpful to inform them, as with the executive team, regularly about how the security team’s actions result in business risk reduction outcomes and how the various security projects tie into the company’s goals.

Hire and retain top talent

Tackling organizational issues such as a shortage of security talent to support operational and technical activities is a key issue that can keep CISOs challenged. A way to mitigate this is to leverage existing talent by developing desired security skill-sets. This includes enabling them with the right tools, such as those that use automation and machine learning and partnering with vendors that can serve as trusted advisors. It also means taking time to cultivate employee satisfaction to ensure the valuable resources that an organization has already retained.

Focus on cybersecurity fundamentals

Follow best practices and take advantage of security systems and tools, such as:

• Proactive security
  • Anti-malware protection
  • Anti-virus
  • Cyber risk quantification
  • Email security
  • Endpoint protection, endpoint security
  • Ransomware protection
  • Risk-based vulnerability management
  • Unified asset inventory
  • URL filtering
• Preventative security
  • Backup
  • Education
  • Encryption
• Security management systems
  • Data Loss Prevention (DLP)
  • Identity access management (IAM)
  • Multi-factor authentication (MFA)
  • Patch management tools
  • Security information and event management (SIEM)

A few other considerations when evaluating how to improve cyber resilience are:

Components of Cyber Resilience Strategy

A comprehensive cyber resiliency strategy addresses cybersecurity at all levels to proactively protect the organization, detect threats, respond and recover, govern, and adapt.

Proactively Protect the Organization

To proactively protect the systems, applications, and data that an organization relies on for business continuity, the cyber resiliency strategy must include the cybersecurity systems needed to protect all systems, devices, applications, and data. A few key components of this should be:

• Asset management system
• Encryption for data at rest and data in transit
• Identity and access controls
• Information and security policies
• Malware protection
• Network and communications security
• Patch and update the management system
• Physical and environmental security
• Supply chain risk management
• Training

Detect Threats

Catching bad actors before they perpetrate a malicious act is an important part of cyber resilience. A few key tools that help with identifying threats are:

• Endpoint detection and response (EDR)
• Extended detection and response (XDR)
• Intrusion detection and prevention systems (IDS/IPS)
• Managed detection and response (MDR)
• Network detection and response (NDR)

Respond and Recover

The likelihood of a cyber-related incident, despite the best cybersecurity, remains high. To ensure business continuity, cyber resilience programs include:

• Business continuity management
• Incident response management
• Information and Communications Technology (ICT) continuity management
• Information sharing and collaboration
• Security information and event management (SIEM)

Govern

For processes and technology to be effective as part of a cyber resilience program, governance is required. Recommendations to support governance for the people, processes, and solutions used to support cyber resilience include:

• Board-level commitment and involvement
• External certifications and validation
• Governance structure and processes
• Internal audits
• Risk management program

Adapt

What makes cyber resilience complicated also drives its success—continuous change. Changes to the threat landscape, attack surface, people, technology, and systems all need to be rolled into cyber resilience programs as changes occur. This evolution ensures that an organization is optimally prepared to address whatever cyber incidents occur with as little disruption as possible.

Cyber Resilience vs. Cybersecurity

There is a persistent confusion between cybersecurity and cyber resilience and their relationship. Cyber resiliency is not a replacement for cybersecurity. They are complementary. Cyber resiliency techniques are used to support and enhance cybersecurity measures.

Cybersecurity

Cybersecurity is a defense strategy consisting of a combination of technologies and processes that are designed to enforce policies and protect systems, networks, data, and IT infrastructure from cyber threats (e.g., malware, ransomware, hacktivism, malicious insiders). Effective cybersecurity reduces the risk of cyber-attacks and protects resources and assets from loss, theft, or damage.

Cyber Resilience

Cyber resilience combines cybersecurity and operational resilience. It refers to an organization’s ability to consistently prevent, respond to, mitigate, and successfully recover from cyber-related incidents. This includes threats and attacks from cyber-criminals and malicious insiders, and also catastrophic system failures from misconfigurations and accidental deletions. Cyber resilience can be applied to both external and internal threats.

Cyber resilience strategies assume that attackers have an advantage in reaching their target with innovative tools and approaches, use of different malware variants, and the element of surprise. This concept helps businesses prepare, prevent, respond, and successfully recover and resume their pre-attack business processes and business operations. In short, cyber resilience requires the business to think differently and be more agile in order to anticipate and mitigate attacks.

Business leaders across the globe realize that no singular cybersecurity solution is sufficient enough to tackle today’s sophisticated and constantly evolving cyber-attacks. Despite ramping up your defenses, cyber-criminals can still take advantage of human error or find loopholes and penetrate your company’s network and IT systems. This is where using using proactive tools with automation and AI is key to establishing cyber resilience across the organization.