Organization leaders worldwide are increasingly aware that no single cybersecurity solution can tackle today’s sophisticated and rapidly evolving cybercrimes. Even with strengthened defenses, threat actors can find weaknesses and vulnerabilities to infiltrate a company’s network and IT infrastructure.
Moreover, modern IT infrastructures are complex ecosystems involving multiple organizations collaborating as a unified unit. While they may appear straightforward on the surface, behind the scenes these ecosystems are interwoven systems that create numerous vulnerabilities and expanded attack surfaces.
Securing the intersection of these business technologies, which connect users, web applications, and the underlying data, is both extremely difficult and imperative, especially when disaster strikes. Therefore, organizations must invest in enhancing their cyber resilience.
Note: Cyber resilience is not a replacement for cybersecurity; instead, resiliency techniques are complementary: they support and enhance cybersecurity measures.
What is Cyber Resilience and why is it important?
According to NIST (National Institute of Standards and Technology), cyber resilience is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”
The number of cyber-attacks and their business impact have grown significantly in recent years. Breaches can result in financial loss, business disruptions, damage to reputations, and regulatory actions. Early detection and quick recovery allow organizations to mitigate risk and impacts, enabling continuous business operations. With cybersecurity breaches, it’s no longer a question of “if” but “when.”
What are the challenges to achieving Cyber Resiliency?
In a survey conducted by Anomali, the research team analyzed the findings from a poll of 800 cybersecurity decision-makers at global enterprises with 5,000 employees or more, across all regions. The survey revealed the following key insights:
- Only 49 percent of enterprise security decision-makers strongly agree that their cybersecurity teams can quickly prioritize threats based on trends, severity, and potential impact on their organization.
- On average, enterprise security decision-makers are taking several days to detect known cyberattacks coming from adversaries that include cyber-criminal organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days), and nation-states (2.9 days). After the SolarWinds breach became known, it took organizations on average 2.9 days to respond and 3.1 days to recover.
- Only 46 percent of enterprise security decision-makers strongly agree that their cyber-protection technologies can evolve to detect new globally identified threats. 32 percent strongly agree their team struggles to keep up with the rapidly changing cybersecurity threat landscape.
What are the steps to achieve Cyber Resilience?
- Strategy: Define and communicate a shared goal and raise awareness of cyber risks, threats, and impacts to ensure alignment and a clear plan. Regularly practice the strategy through response exercises and critical system isolation tests.
- Practice: Document incident response plans, analyze and improve security metrics, assess resilience metrics for performance during disruptions, and evaluate risk metrics for the likelihood and severity of attacks.
- Holistic Approach: Focus on all domains of the NIST CSF, not just protection capabilities, and invest in respond-and-recover functions.
- Strong Collaboration: Engage stakeholders beyond IT and Security, recognizing that cybersecurity is a business problem requiring active participation from all.
- Governance: Establish a system of checks and balances with actionable and measurable KPIs/KPEs to enable informed decision-making and foster a culture of trust and verification.
Improving cyber resilience is not a single, static event. It is a continuous journey with multiple stopovers, and it requires iterative improvement.
Additionally, organizations need to focus on hiring and retaining top security talent by developing desired skill sets, providing the right tools, and fostering employee satisfaction. Emphasizing cybersecurity fundamentals such as proactive and preventative security measures, including anti-malware protection, risk-based vulnerability management, and multi-factor authentication, further strengthens cyber resilience efforts. By implementing these steps, organizations can enhance their resilience to cyber threats and better protect their critical assets and operations.