May 29, 2024
Why a Good Cyber Resilience Strategy Is Essential to Business Success
To deal with evolving threats and ensure business continuity, organizations need a comprehensive approach that enables them to bounce back quickly.
Every organization depends on cyber resources, but unexpected stresses or concerted attacks will often show them to be fragile, with limited ability to withstand, adapt or recover.
Such stresses and attacks continue to grow. Today’s IT and security professionals are inundated with alerts about potential threats, and they must constantly be on guard for intrusions including ransomware, phishing, data breaches and supply chain attacks. The rise of artificial intelligence (AI) will continue to give cybercriminals new ways to automate and scale up their nefarious activities.
A robust cyber resiliency program is critical to protecting organizations from these growing threats. Cyber resilience goes beyond more traditional cybersecurity strategies, which are often focused primarily on prevention or protection, to include recovery strategies and tools for when those defenses fail. A strong and well-executed cyber resilience strategy focuses on improving defenses, maintaining business continuity and improving recovery, knowing that prevention and detection aren’t always possible.
A cybersecurity breach is almost inevitable. What’s your next move?
Over the past decade, cybersecurity and IT leaders have found themselves facing a nearly impossible set of challenges. The gradual disappearance of enforceable network perimeters, which served for decades as the definitive line of defense against attackers, posed enough difficulties to keep CISOs up at night. However, the disappearance of the network perimeter has also coincided with a dramatic spike in attack volume, enormous ransom demands and the rise of cyber terrorism. Breaches have become common and CISOs are wondering how to respond.
Most important, these breaches have shown that mission-critical cyber resources are often more fragile and more difficult to recover than originally thought. While cybersecurity defenses continue to improve, experience has shown that they are limited in their ability to protect an organization. Not only are attackers often able to compromise fundamental parts of infrastructure, but they often do so in a way that undermines the trustworthiness of that infrastructure. Breached organizations are left to address the restoration of their systems and data as well as the broken trust in those systems and data.
Cyber resilience focuses on the organization’s ability to prepare for, respond to and recover from these risks, ensuring that a business can continue its essential functions even in the face of catastrophe. Cybersecurity is a critical component, but cyber resilience encompasses incident response and business continuity practices that can mitigate and repair the damage from a successful attack.
$1.5M
The average cost savings after a data breach achieved by organizations with high levels of incident response planning and testing, compared with other impacted organizations
Source: IBM Security, The Cost of a Data Breach Report 2023, December 2023
In many organizations, cybersecurity, business continuity and disaster recovery practices have operated independently, often governed by different parts of the organization. By combining them under a common cyber resilience strategy, organizations can address these challenges more effectively. These partnerships can also build trust with clients and customers, reduce chances of financial loss due to downtime, and reduce the damage that inevitably comes with a major breach.
The Cybersecurity Landscape: By the Numbers
75%
The increase in cloud environment intrusions from 2022 to 2023
Source: CrowdStrike, Global Threat Report 2024, February 2024
$4.5M
The average total cost of a data breach in 2023, representing an all-time high and an increase of more than 15 percent since 2020
Source: IBM Security, The Cost of a Data Breach Report 2023, December 2023
204
The average number of days required for organizations to identify a breach, with another 73 days needed to contain the breach
Source: IBM Security, The Cost of a Data Breach Report 2023, December 2023
- EVOLVING THREAT LANDSCAPES
- CYBER RESILIENT ORGANIZATIONS
- CYBER RESILIENCE STRATEGIES
Today’s cybersecurity landscape bears only a passing resemblance to that of a few decades ago. Twenty years ago, exploits tended to take advantage of simple configuration issues and software vulnerabilities. Systems were built to be available and to work, not to work under threat.
But as defensive measures improved and financial incentives increased, attackers were driven to find new and successful ways to exploit organizations. Today, rather than battling back isolated exploits from individual hackers, organizations confront coordinated, global threats that target economic and social vulnerabilities with pinpoint precision, often taking advantage of intentional functionality and organizationally supplied tools. Further, organizations must overcome other sources of stress and vulnerability to their systems.
RANSOMWARE: It is difficult to overstate the impact that ransomware has had over the past decade. Looking past the direct losses (the FBI reports that $12.5 billion was lost to ransomware attacks in the U.S. alone in 2023), ransomware’s continued success comes from constant change driven by the need to evade improving defenses and law enforcement takedowns. Social engineering and credential theft continue to be the top attack vectors used by malicious actors, leading to ransomware events more often than any other action.
PHISHING: One of the oldest forms of cyberattack, phishing remains a serious problem because the intended victim continues to be a soft target, especially as attacks grow in sophistication. Spear phishing, in which attackers target specific individuals with highly personalized messages, was always dangerous. But these attacks are now becoming easier to craft thanks to the malicious use of generative AI. Historically, organizations sought to improve their defenses through user education and training. Today, organizations must assume malicious actors will be successful and plan their cyber resilience strategies accordingly.
COMPLEXITY OF MODERN IT: As organizations develop increasingly complex IT environments that combine legacy systems, cloud services and third-party integrations, they face significant risks. These complex environments can be challenging to manage and secure. Further, vulnerabilities and dependencies in one part of an organization’s infrastructure can affect the functions of other systems throughout the environment. For example, an application hosted by one cloud provider may rely on microservices supported by another provider. These risks must be understood and addressed to improve cyber resilience.
SUPPLY CHAIN ATTACKS: Cybercriminals frequently target the weak links in supply chains, such as small suppliers or third-party service providers that have access to the information or systems of a larger, more secure organization. By compromising the smaller entity, attackers can bypass the stronger defenses of the larger organization by exploiting that trust.
LIMITED VISIBILITY: The complexity of modern IT systems also makes it more difficult for organizations to maintain clear visibility into their environments, which is crucial for cyber resilience. Inadequate monitoring and visibility into an organization’s network and systems can result in the delayed detection of security incidents. The longer it takes IT teams to detect an incident, the more damage cyberattacks can do, and the longer it may take for a recovery. Organizations need robust monitoring tools and practices to identify and respond to threats promptly.
It’s not all doom and gloom: There are several effective strategies any organization can use to improve cyber resilience against even the most sophisticated threats.
Focus on the Fragile: Traditionally, cyber risk management has focused on identifying and mitigating risks to the most valuable assets, while often paying less attention to less valuable but more fragile parts of the environment.
Fragility, not vulnerability, is the opposite of resilience. A system may be vulnerable to exploitation but fundamentally continue to work as intended even if it is exploited. Fragile systems, on the other hand, can break so fundamentally that they stop working as intended or cease to be trustworthy. Historically, organizations have focused on protecting the confidentiality of their systems. Now they must also consider the availability of their systems. These systems break when put under sufficient pressure and may be costly to repair or recover. Worse, they can affect other systems that depend on them. Many of the threats organizations face focus on identifying such fragile points and exploiting them. Efforts to improve strength and resilience will help limit the impact of availability attacks.
Prepare for Impact: It is inevitable that systems will break under pressure, but few organizations are well-prepared to accept and absorb this impact, particularly to critical infrastructure or data. When these systems are impacted, critical processes may fail.
Resilient organizations work to identify ways that they can continue to operate even when such systems may be affected by a cyberattack. They look for ways to continue to operate while damage to systems, data or trust is being repaired. They prepare alternative processes that assume that systems will be impacted and work with key stakeholders to figure out how best to address these issues.
Organizations can start by examining key processes and identifying where they rely heavily on undamaged capabilities to work. In situations where systems need to be functioning at a high level, they should determine what effect a lower level of function might have. Is it still usable? How is it still usable? Ultimately, organizations must find ways to work.
Know What Is Needed to Maintain Viability: Most organizations have reasonably clear ideas about which systems are mission-critical, but fewer organizations have a clear idea about what they would need to maintain to remain viable as an organization. In a widespread cyberattack, it may simply not be possible to repair or recover everything quickly, so organizational leaders need to understand what they absolutely need.
Defining what represents a minimum viable organization will help to focus effort on the capabilities needed to keep the organization alive. Determining minimum viability typically results in identifying the subset of critical business processes (and associated applications, infrastructure and data) where leaders should really focus their investments in cyber resilience and recovery.
Become a Moving Target: Cyber resilience is not only about making targeted platforms more resistant to sustained attack. It’s also about making them harder to attack in the first place. When organizations continue to deploy and protect targeted applications, systems and data in predictable ways, they make things easier for the attackers. Given time, even highly complex environments may be fully enumerated by a persistent attacker. As highly adaptive, AI-driven attacks become more common, organizations will have even less time and resources for their defense.
AI-driven adaptability is also essential to newer cybersecurity solutions that can leverage a moving-target approach. By using adaptive techniques (often also driven by AI approaches), organizations can provide shifting defenses that alter the attack surface or change vulnerable assets to make it more difficult to get a foothold. They may also use similar techniques to adapt to new attacks more quickly, helping vulnerable systems to be self-healing.
Build Up Organizational Resilience: While cyber resilience efforts tend to focus on applications, systems, data and infrastructure, it’s just as important to make an organization — particularly its people — more resilient under pressure.
This typically starts by recognizing that response to a serious cyber incident is almost always driven by a few key individuals. They must respond well in a crisis, be quick to make decisions and take action, and have strong knowledge about what can be done and how. Organization leaders also must understand that during an incident, they can overutilize these individuals and should instead increase their reliance on their wider teams.
By focusing on developing the strengths of the team, organizations can improve overall resilience under pressure.
To truly enable cyber resilience, organizations must invest in more than just traditional cybersecurity solutions. They also must implement tools that address the human element of cybersecurity, leverage automation and promote visibility to put them in a position to recover from attacks effectively.
Better Visibility: Organizational leaders should look for opportunities to move beyond traditional cybersecurity controls to those that focus on improved adaptability against attacks geared toward disrupting system availability. This typically starts with the standard layered defenses and also leverages solutions that can shift to counter new threats.
For this approach to work, organizations need the ability to quickly sniff out potential attacks and launch responses before breaches are successful. IT leaders should look for opportunities to expand visibility into all parts of their environments, whether on-premises or in the cloud. Organizations also should leverage the data from tools that offer improved real-time analysis and monitoring, such as newer security information and event management solutions. This improved visibility can help organizations take advantage of network detection and response, endpoint detection and response, or combined solutions to speed up response efforts and limit the damage caused by an attack.
Adaptive Infrastructure and Controls: While traditional, static defenses have their place, they may do little to limit damage to more fragile parts of the environment. Organizations should look for solutions that promise a high degree of adaptability.
This includes various forms of adaptive infrastructure that enable the organization to pivot critical capabilities more quickly from one type of infrastructure to another, allowing them to move important workloads as needed.
It also includes latest-generation cybersecurity protections that leverage AI-driven techniques to more quickly flag anomalous activity as malicious and offer multiple techniques to respond more effectively.
Improved Cyber Recovery: Older disaster recovery capabilities have proved to be a weak point for most organizations, since they rely on backups and replication that may be compromised during an attack.
Cyber recovery tools focus on extending traditional backup and recovery solutions to add immutability, as well as more advanced security and anomaly testing. They also provide additional infrastructure to rebuild or restore systems in isolated clean rooms before moving them either back into normal operations or into alternative recovery rooms for use by the business. They also implement the application, security and data quality tools needed to provide the organization with a higher assurance of a safe recovery.
Automated Response and Recovery: A key part of any cyber resilience strategy is limiting the impact of a successful attack. Adaptive infrastructure enables an organization to recover more quickly, and cybersecurity controls may be able to stop attacks, but these tools are considerably less effective if they rely on manual workflows.
Organizations should invest in suitable automation capabilities to help develop, execute, maintain and improve automated response and recovery. While this can start with the automation of simpler, repetitive tasks common to most workflows, newer AI assistants are also becoming available that can provide more advanced decision support and take some autonomous actions to respond or recover more quickly.
Resilience Training and Exercises: The best way for people to establish resilience is to develop their strengths and test them under real-world conditions. This typically means moving beyond simple tabletop exercises (where teams who respond to major cyber incidents discuss how they might respond) to more complex simulations (such as purple-team testing) that require them to take action under pressure and put their defensive, detection and response techniques and tools to the test.
Such simulations do a lot to help improve overall organizational and team resilience, but it’s important to also invest in the individuals who drive response. Organizational leaders should work closely with key individuals to develop training and development paths that reinforce their areas of strength and tackle opportunities for improvement.