It is abundantly clear by now that there is no such thing as a perfectly secure IT system. Following a record year for cybercrime in 2021, a growing number of organizations are reevaluating traditional cybersecurity practices with an eye toward improving their ability to withstand and recover from increasingly sophisticated and frequent threats
The move toward cyber resilience represents an important philosophical shift in cybersecurity practices. From the beginning of the computer age, security efforts have focused on preventing attacks in order to protect data and systems. However, that approach just isn’t working anymore.
Worldwide IT security investments are increasing year after year, but cyber threats continue to evolve and accelerate. Attacks on corporate networks increased by 50 percent in 2021, with the average company experiencing 270 cyberattacks during the year, according to the World Economic Forum. In a recent Accenture survey of nearly 5,000 executives, 81 percent agreed that “staying ahead of attackers is a constant battle and the cost is unsustainable.”
Withstanding Inevitable Attacks
Cyber resilient organizations understand it is not possible to fully prevent the onslaught of phishing, ransomware, malware, identity fraud and advanced persistent threats hitting their networks on a regular basis. Instead, they are adopting a bend-but-don’t-break approach — detect attacks as quickly as possible and respond decisively to limit disruptions.
Conventional cybersecurity solutions remain essential, but cyber resilience is a broader concept incorporating business continuity, risk management and incident response. The idea is to ensure that you can continue normal business operations in the event of a cyberattack. Artificial intelligence, machine learning, automation and advanced analytics are key technologies for enhancing resilience. Specific solutions include security orchestration, automation and response (SOAR), extended detection and response (XDR) and security information and event management (SIEM).
Framework for Resilience
Achieving cyber resilience is a complex process, and most organizations will need to implement solutions and processes incrementally. The National Institute of Standards and Technology (NIST), the Mitre Corporation and numerous other cybersecurity agencies, associations and standards groups have developed several frameworks to guide organizations in the transition to cyber resilience. Most include these six key components:
- Identify. Organizations must identify all critical hardware, software, data and processes, and how they support essential business functions in order to develop a risk management strategy.
- Protect. In this stage, organizations implement access controls, identity management, data protection and other key security measures that create an essential first line of defense.
- Detect. To ensure timely identification and mitigation of cybersecurity events, organizations should implement advanced analytics, active monitoring tools and enhanced threat intelligence capabilities.
- Respond. Organizations need a formal incident response plan that outlines how they will react to a threat or attack. The plan should describe technical requirements for containing and eradicating threats as well as business requirements to maintain operations even while an attack is in progress.
- Recover. In this stage, organizations identify steps necessary to resume normal operations, including restoring data from backups, rebuilding or updating critical applications, and restoring or replacing affected hardware.
- Adapt. Following the attack, organizations should document and analyze the incident to improve preparation for subsequent threats. Evaluating the response to the threat and identifying any improvements helps reduce the risk of similar attacks.
An effective cyber resilience strategy delivers a host of benefits. The ability to sustain operations during an attack minimizes the cost of the attack, helps you remain compliant with key regulations, and helps protect your company’s reputation with customers and partners. Technologent can help you create and implement a plan for improving your resilience. Contact us to learn more.
Tags:Cybersecurity, IT resilience
May 16, 2022