Why cyber resilience matters
About thirty thousand sites are hacked every day. Most of the affected companies are not prepared for attacks and go bankrupt within six months after being hacked. How can you avoid becoming part of this statistic? Andersen’s security experts explain why cyber resilience is essential for business survival and how to build security processes in your organization.
What is cyber resilience?
Cybersecurity, meaning protection against cyber threats, is a more or less familiar idea. What does cyber resilience add for a business? First of all, it is a company’s ability to prepare for cyberattacks, respond to them, and restore resources if an incident does happen.
An enterprise is considered cyber resilient if it has developed mechanisms to protect against threats and a plan of action in case an “X-Day” comes. Such preparation will help the company continue to operate as usual despite the intrusion.
Cybersecurity is one of the components of cyber resilience. It includes technologies that protect infrastructure from fraudsters and reduce the risk of attacks, and it is mainly the concern of a company’s IT department. Cyber resilience, on the other hand, involves comprehensive business protection measures and focuses on preparing for possible intrusions. All employees of the company are involved in this process.
If an organization has the resources to withstand a threat, it is considered cyber resilient. For example, Simon Fraser University, whose server was attacked by hackers, was able to cut it off from other servers and minimize the damage from the intrusion. Years earlier, two Czech hospitals repelled attacks on their IT systems by noticing suspicious activity from IP addresses on their network in time and backing up the data.
How to build cyber resilience
Conventional security measures are not always effective: the number of connected devices is growing, methods of hacking corporate systems are improving, and not all companies have a plan for how to protect their assets.
Cyber resilience measures can be compared to fire or earthquake drills. In everyday life, we try to protect ourselves from accidents, so why not do the same for corporate systems, websites, e-mail, and databases?
Cyber resilience depends on infrastructure settings, the way cyber threats are controlled, and the expertise of security professionals. Here are examples of elements that increase resilience:
- network segmentation,
- two-factor authentication,
- advanced endpoint control,
- bastion host for network administration,
- employee training,
- virtual private networks,
- SOC automation and other measures.
Cyber resilience is based on four components:
- Management and protection – searching for, analyzing, and handling security threats.
- Early detection – during this phase, the security level is monitored constantly to find possible anomalies and data leaks before they become a serious problem.
- Threat response and recovery planning – a plan for responding to incidents without stopping business processes.
- Guarantee – the organization’s management supports the cyber resilience program and includes it in business processes.
Mandatory elements of a threat protection plan
A plan to protect a company from cyberthreats typically includes protection, recovery, adaptability, and durability.
Protection. It is necessary to use modern methods of combating hacks: DNS authentication mechanisms, endpoint detection and response, third-party risk management software, etc.
Recovery. After an incident, a company should be able to return to its previous business processes without any problems. Malicious software can delete sensitive organization data or encrypt it and demand a ransom. A “plan B” is needed, in which the assets are copied to a separate private network and can be restored from there. Employees must also be trained so that they understand their role at the time of an incident and know how to alert customers.
Adaptability. It is not enough to configure a protection system once. New types of attacks are constantly emerging. You need a specialist who will track the “innovations of the underworld”, test possible threat scenarios (for example, on digital twins), and check how the system can withstand attacks.
Durability. A cyberattack occurs every eleven seconds. A company that has been hacked once is not immune to repeated intrusions. Cyber resilience ensures the durability of protection, its continuous improvement, updating, and integration with the business.
Benefits of cyber resilience
Cyber resilience strategies prepare businesses for attacks, help them better cope with their consequences, and provide the following benefits:
- Improve the protection system
Cyber resilience helps create a plan to protect critical assets and improve the security of a company’s infrastructure. With this approach, the organization will be able to get out of the crisis with minimal losses.
- Minimize financial damage
Data breaches cost companies an average of $3.9 million. By preventing attacks, organizations can avoid serious financial losses.
- Help companies comply with data protection laws
When an organization does not allow its data and customer information to be stolen, it automatically complies with data protection laws: CCPA, FIPA, SHIELD, GDPR, and others. Non-compliance with the established rules is severely punished – fines reach $20 million.
- Help the company maintain its reputation
It takes many years to earn a good reputation, and sometimes one day is enough to destroy it. Ruining an image, in turn, entails financial losses. If a business understands what needs to be done before, during, and after attacks, this will reduce the consequences of a disaster.
- Improve the work of the IT department
Cyber resilience improves the daily work of the IT department and other employees of a company, allowing them to quickly respond to threats to prevent data leakage.
How to improve cyber resilience
The National Institute of Standards and Technology suggested ways to create secure systems. To improve their cyber resilience, companies can:
- Give an adaptive response to cyber threats.
- Monitor illegal intrusions regularly.
- Use multi-level means of protection.
- Hide critical data.
- Eliminate publicly disclosed vulnerabilities.
- Adopt a plan for quick system recovery.
- Look for patterns in the behavior of intruders.
- Create and store resources only when needed and for a limited period.
- Restrict access rights based on user attributes, system elements, and environmental factors.
- Weaken the links between critical and lower priority services so that penetration into one of them does not affect others.
- Create backup copies of priority resources.
- Systematize the elements by importance and reliability.
- Make sure that critical parts of the system are not damaged.
- Implement changes to the system unpredictably to make it harder for attackers to hack it.
To understand how to improve your defenses, check out this short Cyber Resilience Review (CRR). In this document, the US Department of Homeland Security has compiled criteria for evaluating the cyber resilience of an organization’s systems.