Understanding the Framework of Cyber Resilience
With the ever-increasing growth across the digital landscape, having a strong security posture is no longer enough. More than ever, organizations of all sizes need to have an end-to-end cyber resiliency strategy. But what exactly is Cyber Resilience? At its core, Cyber Resilience is the ability of an organization to assess, prepare for, respond to, and recover from cyber threats and incidents.
The National Institute of Standards and Technology (NIST) defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.”
The cybersecurity division of MITRE, a non-profit, is focused on its aim to “arm the worldwide community of cyber defenders.” MITRE was the first to launch the Cyber Resiliency Engineering Framework, in 2011, and describes cyber resiliency as “the need for information and communications systems and those who depend on them to be resilient in the face of persistent, stealthy, and sophisticated attacks focused on cyber resources.”
It’s not just about preventing attacks but also about how your organization can still operate during and after a cybersecurity event. This requires consistent collaboration across IT and Security teams to turn the tide against the onslaught of threat actors and evolving cyber-attacks.
Drawing on MITRE and NIST’s best practices, any Cyber Resilience Framework involves multiple layers, each designed to fortify your organization’s defenses:
- Anticipate: Regularly identify your internal and external vulnerabilities and your most valuable assets. This requires IT and Security teams to unite to connect systems, processes, and policies in place for an end-to-end approach.
- Withstand: Put your plan in place and monitor for unusual activity that could indicate malicious activity and/or a breach. This includes using security tools like SIEM and XDR, ensuring your organization follows Zero Trust principles, and enforcing best-in-class Identity and Access Management policies like MFA.
- Recover: Backup is your best line of defense. Ensure your restore points are clean, immutable, and verified, allowing you to get back to running your business.
- Adapt: Evaluate your processes, policies, and systems and modify them as needed to prevent repeated and evolving internal and external threats.
By understanding and implementing this framework, organizations can better prepare for the inevitable cyber event.
Identifying Common Risks in Cyber Resilience
Understanding the risks associated with cyber threats is crucial for building a resilient strategy. Some of the most common risks include:
- IT and Security teams are siloed, making it difficult to understand the tools, processes, and plans, which delays quick response to a cybersecurity event.
- Backup and Data Recovery are excluded from an organization’s cyber resiliency strategy.
- Organizations are not practicing basic security and data protection hygiene.
- Lack of employee training at all levels in an organization.
The impact of these risks can be devastating, both financially and reputationally. According to a recent report, the average cost of a data breach is $3.86 million, and it takes an average of 280 days to identify and contain a breach. These statistics underscore the importance of a robust Cyber Resilience strategy.
Implementing Basic Resilience Measures
Building Cyber Resilience involves more than just implementing security tools and resources; it requires a holistic approach that encompasses various best practices:
- Unite IT and Security teams: Together, these teams can enforce a full end-to-end cyber resilience approach. As Sue Gordon, Former Principal Deputy Director of National Intelligence, recently noted, “Collaboration and shared purpose is even more critical to defend against cyber attacks.”
- Data Backups: Regularly backing up data is just the first step to ensuring that you can quickly restore operations in the event of a cyber incident. Concepts such as immutability, automated testing and verification, and malware scanning can help ensure that your data is clean and trusted.
- Incident Response Plans: These are predefined steps that your organization should follow when a cyber incident occurs.
- Evaluate consistently: The world of cyber threats is constantly evolving, which means your organization needs to as well. Evaluate your tools, processes, systems, and policies on an ongoing basis to close any gaps and vulnerabilities in your organization.
- Employee Training: Everyone plays a role in protecting your business, customers, and data. Educating employees on how to recognize and respond to cyber threats can significantly reduce the risk of a successful attack.
These measures are foundational elements of a Cyber Resilience strategy and should be tailored to fit the specific needs and nuances of your organization.
Real-Life Cyber Resilience Incidents
Real-world examples can provide valuable insights into the importance of Cyber Resilience. One such incident involved a global shipping company that fell victim to a ransomware attack. Despite having security measures in place, the company experienced significant downtime. However, their robust Cyber Resilience strategy, which included comprehensive data backups and a well-executed incident response plan, enabled them to recover much faster than they otherwise would have.
Another example involves a healthcare provider that suffered a data breach, exposing sensitive patient information. While the breach was damaging, the organization’s Cyber Resilience measures, including immediate activation of their incident response plan and transparent communication, helped mitigate the impact.
These incidents highlight the importance of being prepared. Cyber Resilience is not just about preventing attacks but also about how you respond and recover.
In an era where cyber threats are not just probable but inevitable, Cyber Resilience has become a cornerstone for any organization aiming to protect its assets and maintain business continuity. It’s not just about having the right tools in place but also about having the right strategies, processes, and training, which requires partnership across IT and Security teams.
Cyber Resilience is a continuous journey that evolves as new threats emerge. It requires a proactive approach, one that involves regular assessments, updates, and drills to ensure that your organization is always prepared for what lies ahead.
Remember, the goal is not just to survive a cyber attack but to come out of it with as little damage as possible, both operationally and reputationally. In this context, Cyber Resilience is not just an IT or Security concern but a business imperative.