Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

The Need for Survivable, Trustworthy Secure Systems

Cybersecurity and cyber resilience measures are most effective when applied in concert

Cybersecurity and cyber resilience measures are most effective when applied in concert

As 2021 draws to an end, security practitioners are scrambling to address multiple vulnerabilities identified in the widely used Apache Log4j Java-based logging tool that impact hundreds of millions of devices and software applications. These security holes (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105) expose many organizations to attacks and exploitation, illustrating once more that there is no silver bullet when it comes to protecting against cyber-attacks. More and more security professionals acknowledge that modern enterprise infrastructures are made up of large and complex entities, and therefore will always have flaws and weaknesses that adversaries will be able to exploit. In this context, they propagate the concept of cyber resilience to ensure that an adverse cyber event (intentional or unintentional, i.e., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operations. But how does this compare to traditional cybersecurity practices?

Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyber-attacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” Most cyber resilience measures leverage or enhance a variety of cybersecurity measures. Cybersecurity and cyber resilience measures are most effective when applied in concert. 

Organizations that are interested in learning more about cyber resilience should refer to the Department of Homeland Security’s Cyber Resilience Review (CRR) guidance on how to evaluate an organization’s operational resilience and cybersecurity practices or the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-160 Volume 2. The latter helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and compromises on systems – including hostile and increasingly destructive cyber-attacks from nation states, criminal gangs, and disgruntled individuals.

Interestingly enough, NIST just announced a major update to its guidance, which offers significant new content and support tools for organizations to defend against cyber-attacks. The document provides suggestions on how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target. In particular, it 

● Updates the controls that support cyber resiliency to be consistent with NIST SP 800-53, Rev. 5.

● Standardizes a single threat taxonomy and framework. 

● Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting controls to the framework techniques, mitigations, and candidate mitigations.

The publication also adds a new appendix containing analysis of the potential effects of cyber resiliency on adversary tactics, techniques, and procedures used to attack operational technologies, including industrial control systems (ICS). The analysis shows how cyber resiliency approaches and controls described in NIST guidance can be used to reduce the risks associated with adversary actions that threaten ICSs and critical infrastructure.

A Blueprint to Success

Like Zero Trust, cyber resilience offers a blueprint to strengthen an organization’s security posture in today’s dynamic threatscape, establish security controls that require cyber adversaries to spend more time figuring out how to bypass them (which they often are not willing to do, as time is money), and the means to recover from cyber-attacks quickly and efficiently.

Cyber resilience strategies encompass, but are not limited to the following best practices:

Maintain a trusted connection with endpoints to detect unsafe behaviors or conditions that could put sensitive data at risk. This includes having granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device. This always-on connectivity can help with reimaging the operating system in case of a ransomware attack.

Monitor and repair misconfigurations (automatically when possible), as organizations cannot assume that the health of their IT controls or security will remain stable over time.

● Monitor network connectivity status, security posture, and potential threat exposure to enforce acceptable use via dynamic web filtering.

● Enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analyzing device posture, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.


Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated. When implemented properly, cyber resilience can act as a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively shield the entire enterprise, covering all available cyber resources (e.g., networks, data, workloads, devices, people). 

Ransomware Resiliency and Recovery Summit

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Security Architecture

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...