6 questions that can make your enterprise future-ready with next-gen security thinking
- Why is cyber resilience important in today’s digital world and what is the need for it?
Cyber resilience refers to the ability of an organization to prepare for, defend against and recover from cyber threats or cyberattacks. A cyber-resilient organization can defend itself from these attacks, limit security breaches and guarantee its business continuity during them. While cybersecurity aims to protect systems and information technology, the aim of cyber resilience is to ensure the continuity of business without any interruption.
Based on ISACA research covering 3600+ cybersecurity professionals from 120+ countries, HCLTech Cybersecurity and GRC Services released its 2021 State of Cybersecurity Report. The report revealed that 62% of the respondents faced a significant breach which led to disruption in organizational activity, 61% of organizations indicated their cybersecurity teams were understaffed, and 78% of the respondents stated organizational reputation as a top concern.
Focusing solely on data protection is not sufficient for businesses; they also need cyber resilience. Cybersecurity starts with the basics, which include patching vulnerabilities, detecting and mitigating threats, and educating employees on how to defend their organization from cyberattacks. However, businesses across all sectors (finance, life science, healthcare, governments, etc.) also need resilience to gain their customers’ trust and to limit the financial, legal or brand impact of a cyberattack. This is where cyber resilience is needed.
- What is cyber resilience in the overall resiliency umbrella?
Cyber resilience is the ability of an organization to understand its cyber risks and create a road map that anticipates the “what ifs.” Cyber resilience equips an organization with the tools to anticipate, protect against, detect, defend against, recover from and adapt to an attack. In case of a cyberattack, it enables the organization to stop the spread and impact of the attack, adapt to the changing environment and then recover, returning to normal operations as soon as possible. These processes not only improve information technology system security but also help the organization mitigate financial and reputational damage from an event. Cyber resilience also ensures organizations meet their recovery time objectives (RTOs) and recovery point objectives (RPOs), minimizing the impact on their ability to deliver core operations.
- How is cyber resilience different from business continuity/disaster recovery security?
Cyber resilience encompasses a whole suite of policies, methods and solutions to ensure that an enterprise can identify, respond to and recover from a cyberattack. It not only ensures an effective disaster recovery plan in case of an attack but also ensures a resilient and dynamic security posture by learning from each cyberattack. A cyber resilience framework is designed to create end-to-end security approaches that are comprehensive, cost-effective and flexible. It also encompasses a series of best practices.
Business continuity, on the other hand, is an organization’s capability to deal with difficult situations (like man-made disasters, natural calamities, supply chain failure or losing a key employee) so that the organization can continue to function with as little disruption as possible. It also provides a way to mitigate these risks by putting a framework in place to execute the key functions of an organization during worst-case situations. A perfect example of one such risk is dependency on a single supplier for critical raw materials. What if that supplier can’t supply? A business continuity plan mitigates this risk by providing a solution to purchase raw materials from two suppliers. This will potentially halve the risk.
- What are the best practices in adopting a cyber-resilience framework for an organization?
Cyber Resilience Framework
- Identify critical assets, systems and data. The organization must understand the resources that support critical functions within a business context.
- Protect critical infrastructure assets. Here the enterprise installs the first line of security to limit or contain the impact of any potential threat.
- Detect anomalous events and data breaches before major damage occurs. This calls for constant security monitoring.
- Respond to a detected security breach. This function involves end-to-end incident response plans to ensure business runs as usual in case of a cyberattack.
- Recover affected infrastructure or services compromised during a cyberattack. This step mainly focuses on making a timely return to normal operations.
- How are different cyber resiliency solutions meeting the business requirements in today’s world?
The acceleration of digital transformation and hyper-convergence, coupled with the ever-widening threat landscape and malicious actors, creates unintended risks, vulnerabilities, attacks and failures. This has further amplified the need for cyber resilience in businesses. A cyber resilience strategy will empower your business to reduce risks, financial impact and reputational damage. Below are a few of the cyber resilience solutions offered by service providers to meet business requirements.
- Air gapped – An air gap, or disconnected network, is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public internet or an unsecured local area network.
- PowerProtect Cyber Recovery Policy – PowerProtect Cyber Recovery solutions and services provide the highest levels of protection, integrity, and confidentiality for your most valuable data and critical business systems, and are a critical component of a comprehensive cyber resiliency strategy.
- Logical air gap – A logical air gap refers to the segregation and protection of a network’s digital assets by means of a logical process. It is possible to achieve the same security outcomes that are available through a physical air gap. If an outside agent does access the digital asset, the asset cannot be understood or modified.
- Sandbox – A sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host or network.
- Synchronization – Synchronization is built around an internal entity known as the lock or monitor. Every object has a lock associated with it. By convention, a thread that needs consistent access to an object's fields has to acquire the object's lock before accessing them, and then release the lock when it is done with them.
- How can you improve cyber resilience culture in your organization?
The best and simplest way to maintain cybersecurity in every organization is by creating a culture of cyber resilience in the workplace. Below are four ways organizations can achieve a cyber-resilient workplace.
- Employ a Chief Information Security Officer (CISO) – A CISO can lead the cybersecurity of an organization to higher levels with his/her wealth of experience. By managing risks, monitoring IT compliance, preventing threats, looking for vulnerabilities and creating a culture of cybersecurity awareness, a CISO can ensure the smooth running of cyber resilience initiatives.
- Nurture a culture of cyber resilience – Organizations must educate the first line of defense by encouraging the entire workforce to adopt a mindset of cyber resilience. All employees should understand how to identify and detect malware and phishing threats, and they should be aware of the consequences of a data breach. Leaders must therefore promote teamwork and knowledge sharing across teams. Peer learning is one of the best ways in which an organization can instill a security-focused work culture.
- Create formal cybersecurity policies – A strong risk management policy is an integral aspect of a cyber resilience framework. When organizations have documented, proven security processes as part of their official guidelines, employees have a reliable set of protocols to guide their efforts.
- Make cyber resilience a priority at board meetings – Incident response strategies and the cyber resilience framework are live and evolving assets. It is therefore critical to make sure that the policies and security practices are reviewed and updated on a regular basis.