Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software
When it comes to cybersecurity, data breaches such as the SolarWinds supply chain attack have made one thing very clear: today’s attacks are no longer limited to the simple spread of a virus or a denial-of-service (DoS) attack. Instead, cyber adversaries deploy advanced persistent threats (APTs), which threaten to exploit even well-patched and monitored infrastructures. The rapid transition to a distributed workforce in response to the COVID-19 pandemic has exacerbated the already challenging situation, widening pre-existing gaps in IT visibility, accountability, and persistence of security controls. It’s not surprising to hear more and more CISOs talk about cyber resilience as an emerging measure to assure the ongoing delivery of business operations. But what exactly is cyber resilience and how does it compare to traditional cybersecurity practices?
Cyber Resilience Defined
According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to assure sufficient information, data, and network security. Cyber resilience acknowledges that modern enterprise infrastructures are made up of large and complex entities, and therefore will always have flaws and weaknesses that adversaries will be able to exploit. In this context, the objective of cyber resilience is to ensure that an adverse cyber event (intentional or unintentional, i.e., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.
Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyber-attacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience measures leverage or enhance a variety of cybersecurity measures. Cybersecurity and cyber resilience measures are most effective when applied together in concert.
More and more cyber risk and security management frameworks are adopting the concept of cyber resilience. For example, the Department of Homeland Security’s Cyber Resilience Review (CRR) offers guidance on how to evaluate an organization’s operational resilience and cybersecurity practices. Another example is the National Institute of Standards and Technology (NIST) Special Publication 800-160 Volume 2, which offers a framework for engineering secure and reliable systems—treating adverse cyber events as both resilience and security issues.
The Different Flavors of Cyber Resilience
Like Zero Trust, cyber resilience applies to today’s ever-expanding attack surface and therefore encompasses the following cyber resources:
• Networks
• Data
• Workloads
• Devices
• People (a.k.a. Identities)
The cyber resources, and the range of adversity to which cyber resources are susceptible, vary depending on the context in which cyber resilience is sought. In any situation, the priority an organization assigns to establishing cyber resilience measures across these different cyber resources should be driven by an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers are commonly applying when exploiting their victims.
For instance, endpoints are often used as an access point for hackers and cybercriminals to launch attacks that could infect an organization’s entire network or function as beachhead to laterally move within the network. In fact, a recent Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months. Despite widespread attempts to secure endpoints, this number suggests that security has been rapidly eroding and therefore requires Endpoint Resilience, which is just one of the “flavors” that cyber resilience can assume. Endpoint Resilience enables organizations to always know where their endpoints are, take deep control and security actions on those devices, and help their security controls to repair themselves whenever they’re disabled, altered, or otherwise compromised.
Benefits of Cyber Resilience
Cyber resilience strategies like Endpoint Resilience provide a range of benefits prior, during, and after a cyber-attack. Here are some of the main benefits:
• Hardened Security Posture: Cyber resilience not only helps with responding to and surviving an attack. It can also help an organization develop strategies to improve IT governance, improve security across critical assets, expand data protection efforts, and minimize human error.
• Improved Compliance Posture: Many industry standards, government regulations, and data privacy laws nowadays propagate cyber resilience.
• Enhanced IT Productivity: One of the understated benefits of cyber resilience is that it improves the daily operations of an organization’s IT team. It improves the ability to respond to threats and helps to ensure day-to-day operations run smoothly.
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and post-exploit activities must be thwarted. When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all the above mentioned available cyber resources. Thus, enterprises need to establish different flavors of cyber resilience across their infrastructure.