SecurityWeek

Cyber Resilience: The New Strategy to Cope With Increased Threats

As part of last month’s Cybersecurity Awareness Month, I was traveling around the globe to provide organizations actionable tips on how to strengthen their cybersecurity posture and allow for accelerated recovery from cyberattacks. Through my conversations with hundreds of analysts, system integrators, and security professionals one thing became apparent – many of them understand that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a data breach. This means that instead of primarily focusing efforts on keeping threat actors out of the network, it’s equally important to develop a strategy to reduce the impact. In turn, many organizations have started adopting a new strategy to cope with today’s increased cyber threats, which is called ‘cyber resilience’.

But what exactly is cyber resilience and how does it compare to traditional cybersecurity practices?   

According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure that an adverse cyber event (intentional or unintentional, e.g., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.

Cybersecurity vs. Cyber Resilience

Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyberattacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience initiatives leverage or enhance a variety of cybersecurity measures. Both are most effective when applied in concert. 

More and more cyber risk and security management frameworks are adopting the concept of cyber resilience (e.g., the Department of Homeland Security’s Cyber Resilience Review (CRR) or the National Institute of Standards and Technology (NIST) Special Publication 800-160 Volume 2). Furthermore, leading analyst firms like Gartner are advising clients to shift their cybersecurity priorities from defensive strategies to the management of disruption through resilience to make a real difference to the impact of cybersecurity incidents.

Benefits of Cyber Resilience

A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack, such as:

• Enhanced Security Posture: Cyber resilience not only helps with responding to and surviving an attack. It can also help an organization develop strategies to improve IT governance, improve security across critical assets, expand data protection efforts, and minimize human error.

• Reduced Financial Loss: According to the IBM Cost of a Data Breach Report 2022, the average cost of a data breach is now $4.35 million globally. In addition to financial costs, the reputational impact of data breaches is increasing due to the introduction of general data protection laws and stringent data breach notification requirements. Cyber resilience can help minimize recovery costs by accelerating time-to-remediation.

• Improved Compliance Posture: Many industry standards, government regulations, and data privacy laws now promote cyber resilience.

• Enhanced IT Productivity: One of the understated benefits of cyber resilience is its ability to improve daily IT operations, including threat response, and to ensure that day-to-day operations run smoothly.

• Heightened Customer Trust: Implementing a cyber resilience strategy helps improve trust as it enhances the chances of responding to and surviving a cyberattack, minimizing the negative impact on an organization’s customer relationships. 

• Increased Competitive Edge: Cyber resilience provides organizations a competitive advantage over companies without it. 

Both the range of cyber resources within an organization (e.g., networks, data, workloads, devices, and people) and the threats to which they are susceptible will determine what steps are needed to achieve cyber resilience. As a result, cyber resilience measures should be implemented based on an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers commonly apply when exploiting their victims.

For instance, endpoints are often used as an access point for hackers and cybercriminals to launch attacks that could infect an organization’s entire network or function as a beachhead to laterally move within the network. In fact, a Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months. 

Despite widespread attempts to secure endpoints, this finding suggests that security has been rapidly eroding in today’s work-from-anywhere environment and therefore requires Endpoint Resilience, which is just one flavor of cyber resilience. Endpoint Resilience enables organizations to always know where their endpoints are, apply deep security control, and take defensive actions on those devices, which includes repairing protective security applications if they’re disabled, altered, or otherwise compromised.

Conclusion

When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software. The goal of cyber resilience is to aggressively protect the entire enterprise, covering all available cyber resources.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
