{"id":15205,"date":"2024-01-29T14:07:47","date_gmt":"2024-01-29T14:07:47","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-gl\/?p=13703"},"modified":"2024-01-29T14:07:47","modified_gmt":"2024-01-29T14:07:47","slug":"how-to-improve-your-organizations-cyber-resiliency","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-kh\/blogs\/how-to-improve-your-organizations-cyber-resiliency\/","title":{"rendered":"How To Improve your Organization\u2019s Cyber-Resiliency"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15205\" class=\"elementor elementor-15205\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9a8fa36 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9a8fa36\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f65378\" data-id=\"1f65378\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0a44034 elementor-widget elementor-widget-image\" data-id=\"0a44034\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/ivaluegroup.com\/en-gl\/wp-content\/uploads\/sites\/7\/2024\/01\/WhatsApp-Image-2024-01-29-at-19.39.46_d25a028a.jpg\" title=\"\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7a1c99f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7a1c99f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d21a3c6\" data-id=\"d21a3c6\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-607750c elementor-widget elementor-widget-text-editor\" data-id=\"607750c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p>Let\u2019s start with a hypothetical of comparing organizational cyber-security to the security of your home. The traditional approach to cyber-security has been akin to having a good lock on the front door and secure latches on all the windows. In a good neighborhood, maybe that\u2019s enough.<\/p><p>But recent developments have shown that maybe the cyberspace neighborhood isn\u2019t as safe as we thought:<\/p><ul><li>75% of organizations have experienced at least one cyberattack in recent times.<\/li><li>The number of ransomware victims in March 2023 was nearly double the figure from the previous year. (Forbes)<\/li><li>57% of organizations see weekly or daily phishing attempts. (GreatHorn)<\/li><li>The average cost of a data breach in 2023 was $4.45 million.<\/li><\/ul><p>Pandemic-era changes have also created a certain flux in this neighborhood. The shift to remote work combined with the accelerated use of cloud has led to new &amp; evolving threat vectors. 
Suffice it to say, the traditional approach is no longer adequate.<\/p><p>In such an environment, it\u2019s imperative to fortify every single nook of your \u2018home\u2019 and shift your approach from an optimistic tone to a more realistic one, essentially following the adage of \u2018hope for the best, prepare for the worst\u2019. That has caused a shift in organizations from a focus on cyber-security to something more holistic called <strong>Cyber-Resilience<\/strong>.<\/p><p><strong>What is cyber-resilience?<\/strong><\/p><p>We define it as the ability of an organization to anticipate, withstand and recover from incidents, maintaining its core business in the face of a wide variety of cyberattacks. The beauty of cyber-resilience is its multidisciplinary strategy &#8211; it brings together the traditionally siloed disciplines of information security, business continuity and disaster response.<\/p><p>The key is to adopt processes &amp; frameworks designed to balance your IT security capabilities with the smooth functioning of your operations. Your cyber-resilience strategy must walk that tightrope of having 100% security while also enabling your employees to be efficient.<\/p><p><strong>So how does one construct a comprehensive cyber-resilience strategy? <\/strong><\/p><p>It starts by going to your organizational roots. Conduct a holistic risk assessment across your entire IT sphere to understand where the risks exist, then identify &amp; prioritize your most critical systems based on business intelligence. Once this is done, complete an inventory of all IT assets to ensure your security policies cover the entire corporate infrastructure and take account of possible \u2018shadow IT\u2019 elements in your organization.<\/p><p>And once that is done, it\u2019s time to put all the myriad processes in place to form a smoothly running cyber-resilience machine. 
To simplify this, we\u2019d like to divide them into the two aforementioned groups: the ones that \u2018hope for the best\u2019, which focus mainly on prevention, and the ones that \u2018prepare for the worst\u2019, which are all about remedy. Bear in mind moving forward that there could be significant overlaps between the two.<\/p><p>\u00a0<\/p><p>Let\u2019s start with primarily preventive measures first:<\/p><p><strong>Endpoint Detection &amp; Response<\/strong><\/p><p>Remote working has put a lot of organizational devices on potentially vulnerable networks. To counteract the extended level of threat, all computers must have EDR agents installed, with threat blocking features enabled. A good EDR system effortlessly combines malware protection with monitoring &amp; response.<\/p><p><strong>Phishing-Resistant MFAs<\/strong><\/p><p>It is estimated that 60-80% of cyberattacks start with account theft. To safeguard against this, passwords aren\u2019t enough by themselves &#8211; they must be paired with a phishing-resistant form of MFA, like tokens, biometrics and authentication apps. Deployment of these MFAs should be prioritized for services accessible externally, like email and VPN.<\/p><p><strong>Remote Management<\/strong><\/p><p>All devices in the company must have tools installed that allow administrators to manage the machine remotely, for functions such as computer diagnostics, installing apps &amp; updates or testing for vulnerabilities.<\/p><p>This also becomes important in the event of a breach. During this time, it may be necessary to run a specialized utility or install a certificate, and only admin systems should be allowed to perform this function.<\/p><p><strong>Unique Passwords<\/strong><\/p><p>Each device in the network must be protected by a unique local administrator password. 
A unique password for each device prevents attackers from moving quickly through the network using the same password across devices and gives you priceless additional time to mount your disaster recovery.<\/p><p><strong>Zero-Trust Access Control<\/strong><\/p><p>Assume there is an equally likely chance of an inside attack as there is of an external one. Everyone is a potential risk, and therefore should have access only to assets related to their role.<\/p><p>Now, let\u2019s look at the measures that focus primarily on remedy:<\/p><p><strong>\u00a0<\/strong><\/p><p><strong>Backup Strategy<\/strong><\/p><p>A recent Sophos study revealed that only 8% of businesses that pay ransom to hackers receive all their data in return. Therefore, your backup strategy must account for all scenarios, and ensure guaranteed recovery in the event of an attack.<\/p><p>\u00a0<\/p><p>It\u2019s quite likely that you\u2019ll need two separate backups &#8211; a ransomware-resistant backup that is stored on media that can be physically disconnected from your network, as well as immutable cloud storage where data can be added but not replaced or deleted.<\/p><p>\u00a0<\/p><p><strong>Incident Response Plan<\/strong><\/p><p>It is necessary to formulate &amp; institute a time-tested incident response plan that is adequately prepared for an incident. This plan must detail roles &amp; responsibilities of all stakeholders in connection to specific events, and the stakeholders must be trained accordingly.<\/p><p>And should the worst happen, there must be measures to adapt &amp; learn from it so that such a situation is unlikely to arise again. That brings us to\u2026<\/p><p>\u00a0<\/p><p><strong>Vulnerability Testing<\/strong><\/p><p>The greatest military generals have preached the tenet of \u2018thinking like the enemy\u2019. All products your organization creates must be looked upon through the eyes of an attacker. 
That means all vulnerabilities must be explored by performing penetration tests and running tabletop exercises. This will ensure the systems have appropriate levels of protection to remain operational in the event of a cyber incident.<\/p><p>Finally, the key to making this work is continuous improvement, and this carries into every aspect of cyber-resilience. For example, the risk management framework you complete today may not be relevant a year from now &#8211; such is the ever-evolving nature of the cyber landscape. Therefore, you should constantly revisit your strategy with this outlook: there is always room for improvement.<\/p><p>Speaking of which, if you believe there\u2019s room for improvement with regards to your cyber-resilience strategy, we have a bunch of tools at our disposal to remedy that. Contact us today regarding the same and keep staying resilient!<\/p><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Let\u2019s start with a hypothetical of comparing organizational cyber-security to the security of your home. The traditional approach to cyber-security has been akin to having a good lock on the front door and secure latches on all the windows. In a good neighborhood, maybe that\u2019s enough. 
But recent developments have shown that maybe the cyberspace &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-kh\/blogs\/how-to-improve-your-organizations-cyber-resiliency\/\"> <span class=\"screen-reader-text\">How To Improve your Organization\u2019s Cyber-Resiliency<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":19,"featured_media":15059,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[109],"tags":[],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15205"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/comments?post=15205"}],"version-history":[{"count":0,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15205\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media\/15059"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media?parent=15205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\
/categories?post=15205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/tags?post=15205"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/whitepapers?post=15205"},{"taxonomy":"case_studies","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/case_studies?post=15205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}