
According to the World Economic Forum's "Global Risks Report 2020", data fraud, data theft, and cyberattacks rank among the top five biggest risks the world faces. That is primarily because of the huge business impact of cyberattacks.

  • Maersk faced an estimated $300 million in costs after the NotPetya malware shut down its operations
  • Yahoo received $350 million less from Verizon after suffering two cyberattacks that decreased its valuation

Lately, cyber resilience has become quite the buzzword in the industry, and the reasons are pretty obvious. You may have worked in cybersecurity for decades and be well prepared for data breaches and cyberattacks in a textbook sense. But what if disaster actually hits you? Would your business still be able to function? That is why achieving cyber resilience is so important for your organization.

 

Achieving Cyber Resilience

Cyber resilience is not a one-time thing; it is a continuous, iterative process that provides constant scrutiny across the organization and helps it recover from an attack. This differs from traditional defenses, which lose their usefulness once bypassed. To achieve cyber resilience, it is important to strike the right balance between people, processes, and technology. The common mistake is to become over-dependent on technology and tools while ignoring the importance of well-informed, skilled people and well-designed processes. You should fit all three components of cyber resilience together in a complementary way, without gaps.

 

Governance and Processes:

The right governance and strong processes in place play an important role in achieving cyber resilience.

Some best practices to follow:

Regulatory Reporting and Assurances: Regulatory compliance might seem ineffective because it mainly consists of checkboxes and forms, but it is good practice: it makes you validate that proper controls over data are in place and operating effectively.

Responsive Governance: You need responsive, agile adjustment of policies, processes, and technologies rather than depending on a fixed review period.

Alignment with the Organization’s Overall Governance Framework: You need to ensure that the cyber resilience governance plan, i.e. the documented strategies, principles, policies, rules and procedures, is in line with the organization’s overall governance framework.

 

Documentation Process for Collaboration and Information Sharing
  • You need to collaborate within the organization as well as externally with third-party organizations to gather intelligence, and to engage specialists to undertake security monitoring and assessments.
  • You should have confidential information-sharing arrangements in place.

 

Centralized Asset Management and Configuration System

You should create an asset inventory for software, hardware, and data, both internal and external, managed through a centralized asset management system, to achieve full visibility of the organization’s critical assets and security controls. This makes overall management easier.

 

Response Planning

You should be ready to face cyber breaches and should test that preparedness regularly, using strategies such as the following:

  • Scenario-based prediction: Given a scenario, you should be able to predict the types of incidents and attacks that might occur based on a specific risk profile, then implement and exercise response processes accordingly.
  • War gaming: You can adopt war gaming exercises in your organization to better understand and plan your defense against malicious cyber activities. In effect, your team practices fighting off attackers who are trying to break into your organization.
  • Proactive reporting: You should have a holistic reporting mechanism in place that covers both the changing threat landscape and the security controls that are in place.

 

Creating a Communication Plan

Have a documented communication plan in place that determines when and how to notify customers, other key stakeholders, and public relations teams.

 

Identifying and Detecting Security Incidents
  • Continuous monitoring systems

Use technologies like Security Information and Event Management (SIEM) to detect and alert on anomalous behavior.

  • Data analytics

There are many threat feeds available: threats detected by internal teams, OSINT, collaboration and information-sharing channels, and so on. It is important to use this data and derive actionable insights through analytics that give a real-time view of risks and the threat landscape.

 
Preventing Security Incidents

You can deploy the following controls to prevent cyber security incidents:

  • Application control: Prevents execution of malicious or unapproved programs.
  • Patch applications: Patch all applications on a timely basis.
  • Configure Microsoft Office macro settings: Block macro execution in documents from the internet and allow it only from trusted sources.
  • Application hardening: Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
  • Restrict administrative privileges: Restrict admin privileges on key applications and operating systems based on user duties, and validate the need for those privileges on a regular basis.
  • Set up multi-factor authentication: Require it for privileged users and for users with access to sensitive or high-availability information.
 
Recovering Data and System Availability

Instill a culture of daily backups: Back up important new or changed data, software and configuration settings every day, store the copies disconnected from the network, and retain them for at least three months.

People:

People are considered the weakest link in the cybersecurity chain and are usually the ones targeted by attackers. Make sure that everybody in the organization receives cybersecurity training relevant to their role and is engaged on a regular basis.

 
Board Engagement

Your cyber resilience program should start from the very top of the organization. Board members should engage in:

  • Periodic review of the different cyber resilience initiatives and their progress.
  • Cyber resilience as a management tool: Continuously monitor the organization’s readiness to face a cybersecurity attack or data breach.
  • Cyber resilience fluency: Train your board members in the basic cybersecurity terms that matter to your business and in the warning signs they need to look out for, so that they can ask informed questions of auditors and others about cyber resilience.
 
Cyber Risk Focused Groups

Establish specialist functional groups within your organization to monitor and address risks in real time.

 
Continuous Development

Keep plans and strategies in place for the continuous development of your staff's knowledge and awareness, so that they can provide an effective defense against malicious cyber activities such as phishing attacks and other forms of social engineering.

 
Random Staff Testing and Effectiveness Check of Your Defenses

Conduct regular random testing to check both the awareness of stakeholders and the ability of the security teams to stop such attacks. For example, you can send a test email containing simulated malware to a staff member or group to test their response; based on the outcome, they can go through further training to develop the required awareness and skills.

 
Red Team

Enlist experts who try to break into your systems to check the effectiveness of your defenses.

 

Tools and Technologies

Technology is the biggest enabler in the fight against cyber criminals and is the most trusted and important pillar of cyber resilience. The following technologies can help you on your continuous journey towards it:

Using Automation and Orchestration Technologies as a Part of Response and Recovery Capabilities:

  • Orchestration can augment analysis, giving your team quick access to information and the ability to respond faster.
  • Automation can be used to recover interconnected systems, where manual recovery might introduce human error; automating the recovery mitigates that risk and makes it faster.

Air-Gapped Protection as a Fail-Safe Copy Against Propagated Malware:

Air-gapping means separating critical assets from other systems or networks, physically or virtually. In recent ransomware attacks, attackers used self-propagating malware that can quickly traverse the network, creating havoc. As a best practice, you can create an air-gapped copy of critical assets (data and systems) to mitigate the risk of exposure and attack.

Prevent Backup Corruption and Deletion: Use Write Once, Read Many/Immutable Storage Technology:

Ransomware attacks like WannaCry and NotPetya have established the need for stronger protection against the corruption or deletion of data. You can use WORM (write once, read many) or immutable storage technologies to maintain the integrity of data, which in turn maintains business resiliency against cyberattacks.

Identifying the Recoverable Data using Efficient Point-in-Time Copies and Data Verification:

In complex attacks, attackers may have been living in your network for years, meaning there is a good chance that your backups are infected too. Efficient point-in-time copy technology lets you maintain multiple copies of data, and continuous data verification helps you proactively identify potential infections and take corrective action.
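The backup practice described above (daily copies, stored disconnected, retained at least three months) together with the point-in-time verification idea, as an added example that is not part of the original article: all file names, contents, dates and the tampering scenario are constructed, and the integrity check is a plain SHA-256 comparison against a known-good baseline.

```python
from datetime import date, timedelta
import hashlib

RETENTION_DAYS = 90  # the article's "at least three months"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: critical files and their known-good contents.
BASELINE_FILES = {"config/app.yaml": b"db_host: db.internal\nlog_level: info\n",
                  "bin/service": b"\x7fELF constructed-binary-v1"}
BASELINE = {p: digest(c) for p, c in BASELINE_FILES.items()}

def make_snapshots(start: date, days: int, tamper_from: date) -> list:
    """Constructed daily offline copies; those on/after tamper_from hold a modified binary."""
    snaps = []
    for i in range(days):
        day = start + timedelta(days=i)
        files = dict(BASELINE_FILES)
        if day >= tamper_from:  # attacker already present when the copy was taken
            files["bin/service"] = b"\x7fELF constructed-binary-v1+implant"
        snaps.append({"date": day, "offline": True,
                      "files": {p: digest(c) for p, c in files.items()}})
    return snaps

def verify_snapshot(snapshot: dict, baseline: dict) -> list:
    """Paths whose digest differs from the baseline or that are missing from the copy."""
    return [p for p, good in baseline.items() if snapshot["files"].get(p) != good]

def latest_clean_restore_point(snapshots: list, baseline: dict):
    """Newest disconnected copy with no integrity findings, or None if every copy is bad."""
    for snap in sorted(snapshots, key=lambda s: s["date"], reverse=True):
        if snap["offline"] and not verify_snapshot(snap, baseline):
            return snap["date"]
    return None

def retention_ok(snapshots: list, today: date, days: int = RETENTION_DAYS) -> bool:
    """True only if a copy exists for every day of the retention window (daily policy)."""
    have = {s["date"] for s in snapshots}
    return all(today - timedelta(days=d) in have for d in range(days))

def run_demo() -> dict:
    """Constructed scenario: 100 daily copies from 2020-03-01, tampered from 2020-06-01."""
    snaps = make_snapshots(date(2020, 3, 1), 100, tamper_from=date(2020, 6, 1))
    today = date(2020, 6, 8)  # the day the compromise is discovered
    return {"tampered_copies": sum(1 for s in snaps if verify_snapshot(s, BASELINE)),
            "restore_from": str(latest_clean_restore_point(snaps, BASELINE)),
            "retention_ok": retention_ok(snaps, today),
            "retention_ok_next_day": retention_ok(snaps, today + timedelta(days=1))}
```

Running `run_demo()` flags the eight copies taken while the implant was present, points the restore team at the 2020-05-31 copy, and shows the retention check failing the moment a single daily copy is missed.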

Using Advanced Technologies like Deception to Hack the Hackers:

You can use deception technologies to mislead attackers by distributing a collection of traps and decoys across your infrastructure that imitate genuine assets.

 
Conclusion:

Organizations should start thinking beyond cybersecurity and practice cyber resilience. Without it, an organization cannot withstand the impact and frequency of current attacks, which can paralyze the business. Organizations also risk huge fines if they cannot comply with the increasing number of regulations, a risk that being cyber resilient helps address.

 
Key takeaways:
  • Cyber resilience is a continuous improvement process in which you learn from past breaches and mistakes and fill in the gaps. You should also be proactive, with well-trained people, processes, and technologies ready to face APTs (advanced persistent threats).
  • Try to achieve a balance between people, processes, and technologies.
  • Use technology as an enabler and focus on a balanced technology portfolio; in terms of the technologies you invest in, more investment should be directed towards response and recovery capabilities.