Let’s start with a hypothetical of comparing organizational cyber-security to the security of your home. The traditional approach to cyber-security has been akin to having a good lock on the front door and secure latches on all the windows. In a good neighborhood, maybe that’s enough.
But recent developments have shown that maybe the cyberspace neighborhood isn’t as safe as we thought:
- 75% of organizations have experienced at least one cyberattack in recent times.
- The number of ransomware victims in March 2023 was nearly double the figure from the previous year. (Forbes)
- 57% of organizations see weekly or daily phishing attempts. (GreatHorn)
- The average cost of a data breach in 2023 was $4.45 million.
Pandemic-era changes have also created a certain flux in this neighborhood. The shift to remote work combined with the accelerated use of cloud has led to new & evolving threat vectors. Suffice it to say, the traditional approach is no longer adequate.
In such an environment, it’s imperative to fortify every single nook of your ‘home’ and shift your approach from an optimistic tone to a more realistic one, essentially following the adage of ‘hope for the best, prepare for the worst’. That has caused a shift in organizations from a focus on cyber-security to something more holistic called Cyber-Resilience.
What is cyber-resilience?
We define it as the ability of an organization to anticipate, withstand and recover from incidents, maintaining its core business in the face of a wide variety of cyberattacks. The beauty of cyber-resilience is its multidisciplinary strategy – it brings together the traditionally siloed disciplines of information security, business continuity and disaster response.
The key is to adopt processes & frameworks designed to balance your IT security capabilities with the smooth functioning of your operations. Your cyber-resilience strategy must walk that tightrope of having 100% security while also enabling your employees to be efficient.
So how does one construct a comprehensive cyber-resilience strategy?
It starts by going to your organizational roots. Conduct a holistic risk assessment across your entire IT sphere to understand where the risks exist, then identify & prioritize your most critical systems based on business intelligence. Once this is done, complete an inventory of all IT assets to ensure your security policies cover the entire corporate infrastructure and take account of possible ‘shadow IT’ elements in your organization.
And once that is done, it’s time to put all the myriad processes in place to form a smoothly running cyber-resilience machine. To simplify this, we’d like to divide them into the two categories mentioned above: the ones that ‘hope for the best’, which focus mainly on prevention, and the ones that ‘prepare for the worst’, which are all about remedy. Bear in mind moving forward that there can be significant overlap between the two.
Let’s start with primarily preventive measures first:
Endpoint Detection & Response
Remote working has put a lot of organizational devices in potentially vulnerable networks. To counteract the elevated level of threat, all computers must have EDR agents installed, with threat blocking features enabled. A good EDR system effortlessly combines malware protection with monitoring & response.
Phishing-Resistant MFAs
It is estimated that 60-80% of cyberattacks start with account theft. To safeguard against this, passwords aren’t enough by themselves – they must be paired with a phishing-resistant form of MFA, like tokens, biometrics and authentication apps. Deployment of these MFAs should be prioritized for services accessible externally, like email and VPN.
Remote Management
All devices in the company must have tools installed that allow administrators to manage the machine remotely, for functions such as computer diagnostics, installing apps & updates or testing for vulnerabilities.
This also becomes important in the event of a breach. During an incident, it may be necessary to run a specialized utility or install a certificate, and only admin systems should be allowed to perform this function.
Unique Passwords
Each device in the network must be protected by a unique local administrator password. A unique password for each device prevents attackers from moving quickly through the network using the same password across devices and gives you priceless additional time to mount your disaster recovery.
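The reuse the paragraph warns about can be audited directly. The following is an added example, not code from the original post: it checks a constructed device inventory for any local administrator password shared by two or more machines and issues a fresh random password to every device in a shared group. Hostnames, passwords and the SHA-256 fingerprinting are assumptions made for the example.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed sample inventory: hostname -> local administrator password.
# A real audit would compare stored hashes, never plaintext; plaintext is
# used here only so the example runs stand-alone.
SAMPLE_INVENTORY = {
    "ws-001": "Winter2023!",
    "ws-002": "Winter2023!",
    "ws-003": "Winter2023!",
    "ws-004": "kf8#Qz2pL!vR",
    "srv-01": "Winter2023!",
    "srv-02": "m4Y$9tUe@bX1",
}


def fingerprint(password: str) -> str:
    """Unsalted SHA-256 is enough for an equality check across devices."""
    return hashlib.sha256(password.encode()).hexdigest()


def find_shared_passwords(inventory: dict) -> dict:
    """Return {fingerprint: [hosts]} for every password used on 2+ devices.

    Each group is a set of machines an attacker could move between with a
    single credential, which is exactly the lateral-movement risk above.
    """
    groups = defaultdict(list)
    for host, password in inventory.items():
        groups[fingerprint(password)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def rotate_shared(inventory: dict, nbytes: int = 20) -> dict:
    """Give every device in a shared group its own random password.

    secrets.token_urlsafe(nbytes) yields a ~27-character password from
    20 random bytes; devices that were already unique are left untouched.
    """
    rotated = dict(inventory)
    for hosts in find_shared_passwords(inventory).values():
        for host in hosts:
            rotated[host] = secrets.token_urlsafe(nbytes)
    return rotated


def all_unique(inventory: dict) -> bool:
    """True when no local administrator password is reused anywhere."""
    return not find_shared_passwords(inventory)
```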
Zero-Trust Access Control
Assume there is an equally likely chance of an inside attack as there is of an external one. Everyone is a potential risk, and therefore should have access to only assets related to their role.
Now, let’s look at the measures that focus primarily on remedy:
Backup Strategy
A recent Sophos study revealed that only 8% of businesses that pay ransom to hackers receive all their data in return. Therefore, your backup strategy must account for all scenarios, and ensure guaranteed recovery in the event of an attack.
It’s quite likely that you’ll need two separate backups – a ransomware-resistant backup that is stored on media that can be physically disconnected from your network, as well as immutable cloud storage where data can be added but not replaced or deleted.
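To make the ‘added but not replaced or deleted’ property concrete, here is an added example (not code from the original post) that models an immutable, versioned backup target: every write appends a version, deletion is refused, and a point-in-time restore brings back the last clean copy after an overwrite made with a compromised account. The object name, contents and the in-memory store are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Version:
    seq: int      # monotonically increasing write counter
    data: bytes


class ImmutableBackupStore:
    """Model of an immutable (write-once, versioned) backup target.

    put() always appends a new version; nothing is ever replaced or
    deleted, so an overwrite only adds a version and the earlier, clean
    copy stays recoverable.
    """

    def __init__(self) -> None:
        self._versions: Dict[str, List[Version]] = {}
        self._seq = 0

    def put(self, name: str, data: bytes) -> int:
        self._seq += 1
        self._versions.setdefault(name, []).append(Version(self._seq, data))
        return self._seq

    def delete(self, name: str) -> None:
        # Object lock: the store refuses deletion outright.
        raise PermissionError(f"{name}: delete not permitted on locked object")

    def latest(self, name: str) -> bytes:
        return self._versions[name][-1].data

    def restore(self, name: str, before_seq: int) -> bytes:
        """Point-in-time restore: newest version written before before_seq."""
        older = [v for v in self._versions[name] if v.seq < before_seq]
        if not older:
            raise LookupError(f"{name}: no version older than seq {before_seq}")
        return older[-1].data


def recover_after_overwrite() -> bytes:
    """Constructed scenario: clean backup, then junk written over it during
    an incident, then a deletion attempt that the lock refuses, then recovery."""
    store = ImmutableBackupStore()
    store.put("payroll.db", b"clean backup taken Monday")
    incident_seq = store.put("payroll.db", b"\x00garbage written during incident")
    try:
        store.delete("payroll.db")
    except PermissionError:
        pass  # the clean version survives because delete is impossible
    return store.restore("payroll.db", incident_seq)
```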
Incident Response Plan
It is necessary to formulate & institute a well-rehearsed incident response plan. This plan must detail the roles & responsibilities of all stakeholders for specific events and train them accordingly.
And should the worst happen, there must be measures to adapt & learn from it so that such a situation is unlikely to arise again. That brings us to…
Vulnerability Testing
The greatest military generals have preached the tenet of ‘thinking like the enemy’. All products your organization creates must be looked upon through the eyes of an attacker. That means all vulnerabilities must be explored by performing penetration tests and running tabletop exercises. This will ensure the systems have appropriate levels of protection to remain operational in the event of a cyber incident.
Finally, the key to making this work is continuous improvement, and this extends to every aspect of cyber-resilience. For example, the risk management framework you complete today may not be relevant a year from now – such is the ever-evolving nature of the cyber landscape. Therefore, you should constantly revisit your strategy with this outlook: there is always room for improvement.
On that note, if you believe there’s room for improvement in your cyber-resilience strategy, we have a range of tools at our disposal to remedy that. Contact us today and keep staying resilient!