The Best Practices for Cyber-resiliency in an Enterprise World

In the face of adversity, your enterprise’s ability to continue with business, even in a degraded mode, heavily depends on the resiliency of its cyber systems. 

Contents:

1. What is cyber-resiliency?

2. The Three Main Components of Cyber-resilience

3. How is Cyber-Resiliency Different From Cybersecurity?

4. Cyber-resiliency And COVID-19

5. How Does Cyber-Resiliency Affect Day-to-day Business?

6. Planning for Cyber-Resiliency

7. Why Should You Enterprise Address Cyber-Resiliency?

8. How You Can Improve Your Cyber-Resiliency For Your Enterprise

What is cyber-resiliency?

What is cyber-resiliency? Cyber-resiliency is an organization’s ability to continue to deliver its products and services, regardless of any cyber-related events that can impact your company’s normal operations. This ability is highlighted by the concept which businesses must prepare for, prevent, respond, and successfully recover to a secure state without degradation or disruption to its normal delivery expectations. Security must be considered as a core business function, designed to protect resources and implemented to mitigate risk. 

Organizations must securely design and implement infrastructure, applications, and operations to be cyber-resilient. So including security is a key and conscious decision in the approach to designing business solutions end-to-end. Implemented properly, cyber-resilience brings together information security, business continuity, and organizational resilience, ensuring a secure design approach. Security best practices must be considered and built into policies, procedures, infrastructure, and applications and provide appropriate visibility into, and control over these components, regardless of normal or adverse activity.

The three main components of cyber-resilience

Protect 

By protecting your systems, data, and applications, you’re ensuring that the only people who can access your systems are authorized users. Having the ability to track the users where they go through your system is a sign of strong identity access management. You should also have the ability to detect any vulnerabilities in your system, allowing you to find any weaknesses. The data in your system, whether it be you customers’ or employees’ information or the intellectual property of your organization, needs to be guarded with high security levels.

Detect

Your cyber-resiliency strategy should be able to detect when a malicious act against your company is being attempted. This can sometimes be difficult, as bad actors can work in covert ways and have become more sophisticated in their attempts at a security breach for your systems. It’s worth noting that some advanced threats are not limited to outside attempts, and can begin from inside of your organization. IBM has found that the average delay in security breach detection and containment is 280 days, where these bad actors are working to damage systems and destroy or steal data without anyone knowing.

A key part to detection is knowing what data is held, and where it’s held, on your company’s systems. This enables you to create cyber-resiliency systems that can identify behaviors that aren’t meeting typical patterns, and can therefore put the company at risk of a security breach.

Evolve

The final component of your cyber-resiliency strategy should be on the ability to evolve and adapt your security, ensuring you are staying ahead of threats. Hackers are continuously working to figure out new or different ways to exploit any vulnerabilities in your systems, and a cyber-resilient enterprise has the ability to anticipate these new attacks through threat modeling, and working to defend an attack before it becomes a vulnerability.

Being able to evolve means that you will need the ability to quickly deploy and integrate new services on-site and in the cloud. Ideally, any products you use including software and firmware are working within their best practices and are deploying any patches or updates for security vulnerabilities in a timely manner.

How is cyber-resiliency different from cybersecurity?

Knowing the difference between cyber-resiliency and cyber security is key to being able to protect your enterprise. While cybersecurity focuses more on protecting your organization from a cyber attack, cyber-resiliency is what happens when any of the cybersecurity measures fail, or if systems are disrupted by things such as power outages, weather, and human error. Cybersecurity will utilize VPNs, firewalls, anti-malware software, patching tools, and employee training on secure behaviors. Cyber-resiliency is then taken into account if the enterprise’s operations are heavily reliant on technology, specifically when critical data is stored electronically, and how the areas of operations can be affected by adversaries.

Having a good cyber-resiliency program will help enable your organization to secure the business, while also reducing any exposure time to cyberthreats, resulting in a reduced impact of cyber attacks, helping to keep your business sustained.

Cyber-resiliency and COVID-19

Cyber-resiliency can be specially relevant in times like the ones we’re in now, where due to lockdown measures, online commerce is booming like never before, and those services have to ensure reliability despite security events. Companies like Amazon, Zoom, Google, and Microsoft have enhanced not only their cybersecurity measures, but also their cyber-resiliency. 

Through the COVID-19 pandemic, organizations have been able to see and address the importance and issues with their stability, productivity, and survival. With more organizations switching to digital business models to accommodate their employees working from home, the issue of remote access potentially compromising internal systems has been addressed through cyber-resiliency. With the quick shift in a majority of people working from home, this forced digitalization has been taken advantage of by bad actors and hackers. There has been a significant increase in phishing, fraudulent offers, ransomware, and harassment since the start of the pandemic. Incorporating multi factor authentication or Virtual Private Networks (VPNs), has helped companies enhance their security measures for issues such as remote worker access, and improved policies on video conferences have helped protect against  “zoom-bombing”, where internet trolls are joining in on video conference calls with the intent of causing unwanted, disruptive intrusion.

In this technological climate, with the serious and existential risk, having thoughtful cyber-resilience reporting is imperative to your overall cyber-resilience system. With more transparency for stakeholders, more informed decision making can happen. By having the appropriate cyber-resiliency practices and systems in place, your enterprise can be better equipped to build out a new, stronger, culture that helps to combat risk. This can be translated in accurate accounting and reporting of system redundancies, up-to-date dependency maps for complex system architectures and having methods in-place for this information to reach whoever needs it during an unexpected event. Finally, an enterprise that has thoughtful reporting on cyber-resiliency can benefit from the enhanced reputation that is linked directly to care and transparency. When your systems fail due to some unforeseen circumstance, let your users know about it and explain the steps being taken or the failsafe procedures now in effect to mitigate the problem.

While the pandemic of COVID-19 has drastically affected how business is run, pandemics aren’t the only thing that businesses and enterprises need to build resiliency. Other outside factors that can affect your enterprise’s resiliency are: abrupt shifts in the economy, forces of nature, terrorism (cyber or physical), and more – and all need to be included during disaster recovery planning when it comes to building your enterprise’s resilience.

How does cyber-resiliency affect day-to-day business?

Cyber resiliency affects processes by requiring them to have contingency plans to effectively overcome systems not being available – everything from consumer facing services like a sales website to internal services such as human resources and accounting.

It can affect both digital and physical processes, for example, both online sales and goods delivery have to be resilient to inventory management systems being taken offline. It would be unacceptable to customers if their goods were not delivered by Amazon if somehow a server at Amazon was compromised. So, there should be redundancy in the processes.

Planning for cyber-resiliency

While processes can be adapted to account for cyber-resiliency, the best way is to integrate such concerns during the planning stage:

• Account for redundant, but physically separate systems. Having multiple layers of redundancy in place, from disks, power supplies, power and network cabling, AC, redundant and clustered servers, in addition to multi-layer monitoring in the cloud can impact your cyber-resiliency.
• Design system architecture, taking into account the time needed to perform maintenance tasks, and/or use a live patching tool.
• Have your systems account for “design for failure” as a core concern, whether that failure comes from a security flaw or a hardware problem. By creating your software from the ground up with the mentality that every single piece of it can and will fail, either maliciously or by accident, without impacting the end-users experience, is the best way to design for failure.

One component of the best practices is a sound vulnerability patching policy. Usually, patching vulnerabilities requires a maintenance window because it’s a disruptive activity (system reboots, service restarts). With a live patching tool, the patching process can happen without such disruption and that means faster response times when dealing with new vulnerabilities being disclosed.

Why should your enterprise address cyber-resiliency?

Your enterprise should address cyber resiliency so it can continue to provide mission-essential and mission-critical capabilities, while also giving cyber defenders the tools necessary to respond to adversarial actions quickly and effectively. When resiliency measures are incorporated during the flexible and extensible acquisition process, the cyber defenders’ ability to adapt and counteract adversaries increases.

Your core business functions need to continue in the event of an attack, disaster, or any other force. While your business may have a disaster recovery process in place that is focused on natural disasters, being sure to have a disaster recovery plan that also includes cyber-resiliency during any other occurrence that can put your critical systems at risk is ideal.

With a flexible and adaptable approach to cybersecurity and cyber-resiliency, your organization can realize the benefits in a landscape that is constantly changing with potential disasters, hackers, and even a changing business model. Some benefits include:

• Fewer incidents – When you have a system in place that is continuously monitoring and working to protect your company’s data, you are able to respond to any vulnerabilities and risks, leading to fewer incidents.
• Fewer fines and penalties – You need to be able to comply with any governmental or regulatory mandates for security, and having a robust cyber-resiliency process in place, you are able to easily identify and protect data you collect, leading to fewer fines and penalties, and even reducing the risk of a lawsuit.
• Less risk of a security breach – A strong cyber-resiliency process will help mitigate a security breach. A security breach can not only affect your technological needs, but can additionally stop any vital business processes, causing a PR nightmare and damaging your company’s reputation.
• Enhanced reputation – In today’s technological climate, customers are being more wary about who they trust with their data. If they see in the news that a brand has been associated with a security breach, that will lead them to be distrustful. However, companies that work to protect their customer data and implement sound cybersecurity and cyber-resiliency programs, they will eventually garner more business, and give you a bigger bottom line.

How you can improve your cyber-resilience for your enterprise

Having an effective cyber-resiliency strategy in place can include multiple facets of cybersecurity solutions. These can include:

• Artificial Intelligence/ Machine Learning – AI/ML plays a big part in effective cyber-resilience. The enormous amount of data that is created through security solutions, AI/ML can analyze the behaviors or risks and automate a response that increases your organization’s ability to adapt to different attacks or vulnerabilities.
• Data Security – Ensuring that your data, both structured and unstructured, is secure should be a primary concern and component of both your cybersecurity and cyber-resiliency systems. You need the ability to analyze what data you have, and get important insights, while also staying compliant with governmental regulations.
• Application Security – Your application strategy begins in the development process, and your testing needs to integrate with your DevOps, while also being scalable and flexible for on-premise or on-demand use.
• Identity and Access Management – Having identity and access management for your systems ensures you are able to manage who, whether it be employees or customers, and what, devices or services, that are accessing your data and systems. With identity and access management, you are able to develop trusted identities, see normal patterns of those identities, and identify any abnormal patterns.

Conclusion

Successful business models should account and deploy systems and processes that are cyber-resilient to ensure operational efficiency and success. Security incidents will happen, it’s up to each business how much it wants to let those incidents affect their bottom line. Improving processes like maintenance and switch to live patching tools if not yet using them is a step in the right direction.