Cyber Resilience. Are you prepared for an attack?

Since you found your way to this post, you must be aware of the terms cyber, security, and attack. Cyber-attack and cyber security are two entities that are always at arms with each other. It’s a never-ending duel. Moving on to cyber resilience…

Security experts say that a cyber-attack is imminent. All organisations big or small will be subject to a cyber-attack. The scale of the attack is irrelevant in this case. Every now and then hackers try to breach a system’s security, mostly without any success. Nevertheless, it is found that even small attacks had huge impacts on the functioning of organisations. How could low-level attacks, that were not even a real threat to begin with, disrupt any organisation’s operations? Why do even unsuccessful cyber-attacks have catastrophic effects on an enterprise? The answer is lack of cyber resilience.

What is cyber resilience

Cyber resilience is the ability of an enterprise/organisation to deliver the intended services and remain functional during an undesirable or hostile cyber event. Its objective is to maintain the service delivery mechanisms and restore the regular functioning of an enterprise in case of a cyber-attack. Simply put, it’s the resiliency and survivability of an entity to a cyber-attack. As defined by the Presidential Policy Directive (PPD-21), the term “resilience” means the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

How cyber security and cyber resilience differ

Cyber security focuses on developing and implementing technologies, actions, and procedures designed for protecting a system or network from cyber-attacks. Cyber security aims at reducing the risk of cyber-attacks and protecting the integrity of a system. In context of cyber security, cyber resilience is the bigger picture. It incorporates both cyber security and operational resilience, i.e. making sure that

  • necessary measures have been taken to put a robust security in place without compromising the business operations,
  • the business remains operational even after a (successful) cyber-attack.

Why the need for cyber resilience

Most organisations lack a strategy for surviving cyber-attacks. Implementing strong security measures is not enough anymore to protect against attacks, not while attackers are getting creative with each attack. Also, most by-the-book security measures have common themes, and their design patterns are known to attackers. An organisation’s CISOs and CTOs may not be aware of every process that’s taking place inside the organization and hence, possibly will not be able to cover everything. New technologies are coming in everyday, and most of them are potential security risks. Take cloud access for example, while it’s a wonderful technology, the security risks associated with cloud access are immense. And attackers are always on the look-out for vulnerabilities they can exploit. And betting all your chips on strong security only, may lose you everything.

Where to begin

To be cyber resilient, you must have a strong security in place and a plan regain control of the operations. Take steps to reduce the impact of a cyber-attack, be prepared. Cyber resiliency is all about how well a business performs during an attack. Apart from conventional security measures, focus on the following factors to be cyber resilient:

  1. Understand the business, identify the main functions of the organisation, the critical operations, understand the working of each individual process in the company. These are the processes that must remain operational at all cost, especially during adverse cyber conditions
  2. Approach systems with a business mindset, the focus now is not preventing an attack, or dealing with the advances of an attacker, it is to make sure that the backup systems are in place and fully operational, the ability to run the business in the intended way takes precedence
  3. Keeping critical operations going, break each operation into small segments, each segment into individual process, identify which process is critical and quantify potential losses in case a process becomes non-functional

Similarly take steps towards strengthening the security of the system:

  1. Protect core assets, once you have identified the code assets of your business, protect them with maximum security measures at your disposal, functioning core assets/processes are required for a business to remain operational
  2. Test incidence response, reduce mean time to detection and remediation, these are two important metrics to look into, the meantime between when an attack takes place and when it was identified by the security measures must be as low as possible. The system must start fixing any damage done by the attack at the earliest
  3. Invest in breakthrough technologies, adapt and implement new security measures, stronger the security, harder it becomes for an attacker to breach it
  4. Aggressively hunt for threats, the sooner you are aware of a threat the more time you have to take steps to stop it and equip your system with adequate security standards. Being aware of vulnerabilities saves the resources that would have been spent in finding them
  5. Empower the security leader, not everyone is a pro, regularly review the skills of chief executives such as CISOs and CTOs to make sure they are updated with the functioning of the organisation and the current security standards. They must have proper visibility of the operations inside the organisation and every available support they need
  6. Limit the attacker’s movements, in most cases whenever an attacker gains access to a system, they’re unaware of their location inside. Limit their movement by segmenting the security of the system. Instead of having a secure perimeter, protect each node in the system.

Finally, always stay up-to-date with the current standards and measures for security. This maybe the most important step you take towards strengthening the security of your system. The journey through the landscape of cyber resilience is a long one, full of threats and with lots of room for improvement. Tread carefully and endure. And most of all, never adapt a false sense of security, this is the worst mistake anyone can make.