Cyber Resilience in 2021

IT GRC/Cybersecurity | 2 Min Read | 09 July 21 | by Dr. Michael C. Redmond, PhD
Resilience is the ability to adapt to change and respond quickly and effectively. Cyber resilience is more than just preparing—it is ensuring that your business will still thrive during an attack. Too many organizations only concern themselves with ensuring that they have a SIEM (security information and event management) and/or SOC (security operations center) in place. This is of course very important, but it will not ensure resilience in the event of an attack.
Resiliency requires much more. Risk assessments should include how vulnerable the business itself is if there is a breach or ransomware attack. What confidential information could impact the business if it were to be breached? Some examples include blueprints for a new product design that is about to be launched, or plans to purchase another organization.
In addition to a SIEM and SOC, the business units should also be trained on recognizing irregularities that could signal that the integrity of data has been affected. They also need to know how to report it so that the event can be investigated.
Each business unit needs a cyber response plan to allow for resiliency. Many organizations have not been able to respond effectively to a ransomware incident. A business unit cyber response plan is different from the business continuity response plan: it includes the action steps each business unit will follow when it is affected by a cyberattack.
The organization also needs a great cybersecurity incident response program, which includes policy and program documentation as well as playbooks for insider threat activities, regulator audits, lapses on data governance, and cyberattacks that are applicable to their domain.
ISO 22316 Security and Resiliency Management and ISO/IEC 27035 Incident Response are two of the recommended standards to consider implementing as part of an organization’s cyber resiliency preparation. ISO/IEC IT Corporate Governance is a good guideline for senior management and the board to implement in order to avoid hefty fines for poor governance. MetricStream enables organizations to align with established standards by providing pre-packaged content for the necessary frameworks, so that the solution is up and running on Day 1.
Business continuity management and information/cybersecurity have to be more closely aligned in identifying risks. The business units understand what information they hold in a database that is more likely to be sought in a cyberattack. Business continuity departments should include questions in their risk assessment surveys and interviews about what information each business unit holds that is PII, PHI, or organizationally confidential, and work with disaster recovery teams to document which databases it resides in.
While a business continuity plan may list an application as tier 1, in an incident where a database has been attacked, the cybersecurity teams may not release it for recovery when the business units need it. Cyber teams may need to do forensics, or, if they deem that malware is present, the backups may need to be checked before they can be used. For instance, in the case of an attack that was made months ago, even if it has only just been identified, all of the backups taken since the time of the attack may also be affected.
In summary, a good cyber governance program is needed, coupled with a good cyber resilience program.