SecurityWeek

The Different Flavors of Cyber Resilience

Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software

When it comes to cybersecurity, data breaches such as the SolarWinds supply chain attack have made one thing very clear: today’s attacks are no longer limited to the simple spread of a virus or a denial-of-service (DoS) attack. Instead, cyber adversaries deploy advanced persistent threats (APTs), which threaten to exploit even well-patched and monitored infrastructures. The rapid transition to a distributed workforce in response to the COVID-19 pandemic has exacerbated the already challenging situation, widening pre-existing gaps in IT visibility, accountability, and persistence of security controls. It’s not surprising to hear more and more CISOs talk about cyber resilience as an emerging measure to assure the ongoing delivery of business operations. But what exactly is cyber resilience and how does it compare to traditional cybersecurity practices?

Cyber Resilience Defined

According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to assure sufficient information, data, and network security. Cyber resilience acknowledges that modern enterprise infrastructures are large and complex, and therefore will always have flaws and weaknesses that adversaries will be able to exploit. In this context, the objective of cyber resilience is to ensure that an adverse cyber event (intentional or unintentional, e.g., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.

Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyber-attacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience measures leverage or enhance a variety of cybersecurity measures. Cybersecurity and cyber resilience measures are most effective when applied in concert.

More and more cyber risk and security management frameworks are adopting the concept of cyber resilience. For example, the Department of Homeland Security’s Cyber Resilience Review (CRR) offers guidance on how to evaluate an organization’s operational resilience and cybersecurity practices. Another example is the National Institute of Standards and Technology (NIST) Special Publication 800-160 Volume 2, which offers a framework for engineering secure and reliable systems—treating adverse cyber events as both resilience and security issues. 

The Different Flavors of Cyber Resilience

Like Zero Trust, cyber resilience applies to today’s ever-expanding attack surface and therefore encompasses the following cyber resources:

• Networks

• Data

• Workloads

• Devices

• People (a.k.a. Identities)

The cyber resources, and the range of adversity to which cyber resources are susceptible, vary depending on the context in which cyber resilience is sought. In any situation, the priority an organization assigns to establishing cyber resilience measures across these different cyber resources should be driven by an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers are commonly applying when exploiting their victims. 

For instance, endpoints are often used as an access point for hackers and cybercriminals to launch attacks that could infect an organization’s entire network, or as a beachhead for lateral movement within the network. In fact, a recent Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months. Despite widespread attempts to secure endpoints, this number suggests that security has been rapidly eroding and therefore requires Endpoint Resilience, which is just one of the “flavors” that cyber resilience can assume. Endpoint Resilience enables organizations to always know where their endpoints are, take deep control and security actions on those devices, and help their security controls to repair themselves whenever they’re disabled, altered, or otherwise compromised.

Benefits of Cyber Resilience

Cyber resilience strategies like Endpoint Resilience provide a range of benefits before, during, and after a cyber-attack. Here are some of the main benefits:

• Hardened Security Posture: Cyber resilience not only helps with responding to and surviving an attack. It can also help an organization develop strategies to improve IT governance, improve security across critical assets, expand data protection efforts, and minimize human error.

• Improved Compliance Posture: Many industry standards, government regulations, and data privacy laws now promote cyber resilience.

• Enhanced IT Productivity: One of the understated benefits of cyber resilience is that it improves the daily operations of an organization’s IT team. It improves the ability to respond to threats and helps to ensure day-to-day operations run smoothly.

Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and that post-exploit activities must be thwarted. When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all the above-mentioned cyber resources. Thus, enterprises need to establish different flavors of cyber resilience across their infrastructure.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
