Lately, cyber resilience has become quite the buzzword in the industry, and the reasons are pretty obvious. You might have been working on cybersecurity for decades and already be prepared for data breaches and cyberattacks in a more textbook context. But what if disaster hits you? In that case, would your business still be able to function properly? That is why achieving cyber resilience is so important for your organization.
Cyber resilience is not a one-time thing. It is a continuous, iterative process that provides constant scrutiny across the organization to help in recovering from an attack. This makes it different from traditional defenses, which lose their usefulness once bypassed. To achieve cyber resilience, it's important to strike the right balance between people, processes, and technology. A common mistake is to become over-dependent on technology and tools while ignoring the importance of well-informed, skilled people and well-designed processes. You should try to fit all three components of cyber resilience together in a complementary way, without gaps.
Having the right governance and strong processes in place plays an important role in achieving cyber resilience.
You can follow some of the best practices below:
Regulatory Reporting and Assurances: Regulatory compliance might seem to be ineffective as it mainly consists of checkboxes and forms, but it’s a good practice. You should validate that proper controls are in place and operating effectively on data.
Responsive Governance: You need a responsive, agile adjustment of policies, processes, and technologies in place rather than depending on a fixed review period.
Alignment with the Organization's Overall Governance Framework: You need to ensure that the organization's overall governance plan, i.e., its documented strategies, principles, policies, rules and procedures, is in line with the overall governance framework.
You should create an asset inventory for software, hardware, and data, both internal and external, which is managed through a centralized asset management system to achieve full visibility of the organization’s critical assets and security controls. This makes overall management easier.
You should be ready to face cyber breaches, and you should check your preparedness for them in a timely manner using some of the strategies below:
Have a documented communication plan in place to determine when and how to notify customers, other key stakeholders, and public relations teams.
Continuous monitoring systems
Use technologies like Security Information and Event Management (SIEM) to detect and alert on anomalous behavior.
There are many threat feeds, such as threats detected by internal teams, OSINT, and collaboration and information-sharing channels. It's important to make use of this data and derive actionable insights from it using analytics that give a real-time view into risks and the threat landscape.
You can deploy the following controls to prevent cyber security incidents:
Instill a culture of taking daily backups: It's important to take daily backups of important new or changed data, software and configuration settings, store them disconnected, and retain them for at least three months.
People are considered to be the weakest link of the cybersecurity chain, and are usually targeted by hackers. Make sure that everybody in the organization gets relevant cybersecurity training depending on their role and is engaged on a regular basis.
Your cyber resilience program should start from the very top of the organization. Board members should engage in:
Establish specialist functional groups within your organization to monitor and address risks in real time.
Keep plans and strategies in place for continuous development of the knowledge and awareness of your staff, so that they can provide an effective defense against malicious cyber activities like phishing attacks and other forms of social engineering.
Conduct regular random testing activities to check the awareness of stakeholders, as well as the ability of the security teams to stop those attacks. For example, you can send a test email containing malware to a staff member or group to test their response; based on that response, they could go through further training to develop the awareness and skills required.
Enlist experts who try to break into your systems to check the effectiveness of your defenses.
Technology is the biggest enabler to fight against cyber criminals and is the most trusted and important pillar to achieve cyber resilience. The following technologies can help you in your continuous journey to achieve cyber resilience:
Using Automation and Orchestration Technologies as a Part of Response and Recovery Capabilities:
Air-Gapped Protection as a Fail-Safe Copy Against Propagated Malware:
Air-gapping means separating critical assets from other systems or networks, physically or virtually. In recent ransomware attacks, hackers used automated malware that can quickly traverse the network, creating havoc. As a best practice, you can create an air-gapped copy of critical assets (data and systems) to mitigate the risks of exposure and attacks.
Prevent Backup Corruption and Deletion: Use Write Once, Read Many/Immutable Storage Technology:
Ransomware attacks like WannaCry and NotPetya have established the need for stronger protection against the corruption or deletion of data. You can use WORM/immutable storage technologies to maintain the integrity of data, which in turn maintains business resiliency against cyber-attacks.
Identifying the Recoverable Data using Efficient Point-in-Time Copies and Data Verification:
In complex attacks, hackers might be living in your network for years, meaning that there is a good chance that your backups might be infected. You can use highly efficient point-in-time technology to maintain multiple copies of data, and continuous data verification can help you proactively identify potential infections and take corrective actions.
Using Advanced Technologies like Deception to Hack the Hackers:
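One way to implement the data verification described above, as an added example that is not from the original article: each point-in-time copy is hashed and scored for byte entropy, and the newest copy taken before a mass shift to encrypted-looking content is chosen as the recovery point. The snapshot contents, dates, thresholds and function names are constructed assumptions; an implant that does not rewrite files will not trip this check.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold for "looks encrypted"
CHANGE_LIMIT = 0.5   # assumed: flag when over half the files are hit

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(files: dict) -> dict:
    """Map each path to (sha256 hex, entropy) for one point-in-time copy."""
    return {p: (hashlib.sha256(b).hexdigest(), entropy(b)) for p, b in files.items()}

def suspicious(prev: dict, cur: dict) -> bool:
    """True when too many files vanished or changed from low to high entropy."""
    if not prev:
        return False  # no baseline yet: the first copy cannot be judged
    hits = sum(1 for p, (h, e) in cur.items()
               if p in prev and prev[p][0] != h and prev[p][1] < ENTROPY_LIMIT <= e)
    missing = sum(1 for p in prev if p not in cur)
    return (hits + missing) / len(prev) > CHANGE_LIMIT

def last_clean(snapshots: list):
    """Id of the newest copy taken before the first suspicious one, or None."""
    clean, prev = None, {}
    for snap_id, files in snapshots:
        cur = manifest(files)
        if suspicious(prev, cur):
            break
        clean, prev = snap_id, cur
    return clean

def noise(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

# Constructed sample: three daily copies of a small file share.
DOCS = {f"share/doc{i}.txt": (f"invoice {i} line item\n" * 200).encode() for i in range(4)}
SNAPSHOTS = [
    ("2024-01-01", dict(DOCS)),
    ("2024-01-02", {**DOCS, "share/doc0.txt": b"invoice 0 revised\n" * 200}),  # normal edit
    ("2024-01-03", {p: noise(p.encode()) for p in DOCS}),  # every file rewritten
]
```

Calling `last_clean(SNAPSHOTS)` returns the id of the copy to restore from; because the first copy has no baseline, it is accepted as clean and should be verified by other means.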
You can use advanced technologies like deception technologies to deceive attackers by distributing a collection of traps and decoys across a system's infrastructure to imitate genuine assets.
Organizations should start thinking beyond cybersecurity and practice cyber resilience. Without proper cyber resilience, an organization will not be able to withstand the impact and frequency of current attacks, which can paralyze businesses. Organizations also face a risk of huge fines if they are not able to comply with the increasing number of regulations, a risk that being cyber resilient can address.