Cyber resilience is the ability of an organization to enable business acceleration (enterprise resiliency) by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges.
The ultimate goal of cyber resiliency is to help an organization thrive in the face of adverse conditions (crisis, pandemic, financial volatility, etc.).
Enterprise resilience is the ability of an organization to address strategic, financial, operational, and information (cyber) risk in a way that drives business growth, profitability, and sustained modernization (digital transformation).
Why is enterprise resiliency relevant in the era of (COVID-19) crisis management?
COVID-19 caused businesses to react and change in many ways. It touched enterprise workforces, supply chains, and liquidity, and provided many other opportunities to pivot in response to risk. Chief among these is the conversion of traditional channels to digital, both during and after the pandemic. Other risk-based opportunities include:
Pandemics are not the only things from which businesses need to build resiliency. While COVID-19 was a once-in-a-lifetime event, any type of unforeseen circumstances, including forces of nature, abrupt shifts in the economy, terrorism (physical or cyber), and more, all need to be part of comprehensive disaster recovery planning for building enterprise resilience.
Business continuity enables an organization to continue its core business functions in the face of disaster, attack, or other interventional forces. Often, businesses have disaster recovery plans that revolve around natural disasters. A good disaster recovery plan will include a strategy to remain cyber resilient during these events, as well as any other occurrence that puts critical systems at risk.
The key to driving enterprise resiliency is to build crisis “shock-absorbers” to sustain business operations, customer outreach, and non-stop business transformation during times of crisis. Digital transformation is a good strategy for building enterprise resiliency. For example, digitally-enabled organizations were able to “quickly pivot” during COVID-19 to address supply chain issues and customer disruptions, and to bring innovative products and services to their customers.
Cyber resiliency plays a critical role in driving digital transformation (which then enables enterprise resiliency and continuity). For example, organizations that embed cybersecurity at inception are better able to drive high-velocity (Agile) development and robust, resilient platforms.
A comprehensive digital transformation that addresses cyber resiliency requires integration of cybersecurity throughout the enterprise lifecycle – to protect the business, detect changes in the risk surface, and evolve the capability to address changing threats.
A good cyber resiliency strategy protects your systems, your applications, and your data. You need to ensure, through strong identity and access management, that only authorized users can access your systems and that you can track them wherever they go once they are in. You also need to be able to detect vulnerabilities in your applications – finding any weaknesses that might be exploited. Finally, the privacy of your data – information about your customers, your employees, and your organization’s intellectual property – must be guarded with the highest levels of security.
The second part of a good cyber resiliency strategy is to detect when someone is trying to act maliciously against you. This can be very challenging as bad actors become more sophisticated and work in more covert ways to breach your environment. Plus, these advanced threats aren’t limited to the outside. Some breaches begin inside an organization. The average delay in breach detection and containment is 280 days. During this time, the bad actors can be stealing or destroying data and even damaging the systems themselves without anyone knowing.
To adequately detect security risks, companies must understand what data they hold and where it resides. Mapping your data enables you to understand its importance, govern it according to applicable regulatory demands, and minimize the risk of non-compliance, theft, and more.
It’s also helpful for security teams to understand individual user behavior. When you understand what someone’s “normal” actions are on the system, it’s easier to identify behaviors that don’t meet the patterns and might be putting the company at risk.
One reason why security teams struggle with detection is that many solutions generate so much data that they create “false positives.” In fact, so much data is generated that it’s often hard to determine what is an actual threat. SOCs just don’t have the time to look at each alert individually and evaluate the risk. That’s why any good solution will have the ability to evaluate and automate responses, and then elevate higher-risk alerts to the security team for action.
A major component of cyber resilience is the ability to adapt and evolve your security posture to stay ahead of threats. Hackers are constantly finding new ways to exploit vulnerabilities. They know that there will eventually be a fix for what worked yesterday, so they’re constantly trying to figure out what will work tomorrow. A cyber resilient organization will anticipate new attack vectors through threat modeling and work to defend against them even before they become a vulnerability.
To evolve requires the ability to quickly deploy and integrate existing and new services, both on-premises and in the cloud. It also requires access to industry intellectual property and best practices – ideally built into the products and tools being used for security. And, it involves being able to rapidly correlate data using mathematical models and machine learning so you can make data-driven decisions.
An effective cyber resiliency strategy will include components of multiple cybersecurity solutions. These include:
Artificial intelligence and machine learning
Artificial intelligence and machine learning (AI/ML) are important contributors to effective cyber resilience. With the mountains of data generated by security solutions, the use of systems that can analyze behaviors and risk and automate response can significantly increase an organization’s ability to intelligently adapt to vulnerabilities and attacks.
Ensuring data security is a primary component of both cybersecurity and cyber resiliency. This includes data in both structured and unstructured formats. You need to be able to analyze the data you have, as well as glean important insights so you can stay compliant with privacy and other governmental regulations.
Application security begins in your application development process. Testing needs to be scalable, flexible for on-premises or on-demand, and integrate with your DevOps. It should include developer-friendly processes and the code should be easily navigable.
Identity and access management
Identity and access management is the ability to manage the “who” (employees, customers) and “what” (devices, services) that access your systems and data. It enables you to develop trusted identities with the right level of access. Knowing the normal patterns of these identities makes it easier to identify when abnormal patterns appear.
Security operations solutions need to enhance the productivity of resources, especially considering the current security talent shortages. Security orchestration, automation, and response (SOAR) systems and security information and event management (SIEM) systems are two important aspects of productive security operations.
The security landscape is constantly changing. From hackers, to disasters, to changing business models and more, an approach to cybersecurity that is flexible, adaptable, and resilient is the best path to business continuity. A cyber resilient organization can realize many benefits:
OpenText develops integrated cybersecurity solutions to enhance your intelligence and cyber resilience and protect against advanced cyberthreats at scale. We understand your persistent challenges with evolving market demands; changing security landscapes; hybrid IT environments with new and existing device variations; and limited personnel, talent, and resources.
Our solutions enable InfoSec teams to identify, trace, and learn from threats through behavior and pattern analysis with machine learning. Application development teams can use DevOps methods to secure and continuously scan applications for vulnerabilities. Data engineering units are empowered to oversee and secure structured data and unstructured data. IT security departments can manage identities and access throughout the global infrastructure to enforce policies and procedures to secure critical data and systems. We empower you by using artificial intelligence and connected insights as a guiding principle to structure a resilient culture and to adapt to the needs of your enterprise as it grows, expands, and evolves.
Cyber resilience legislation
Because of the increasing importance of cyber resilience, many countries have passed legislation to protect organizations, individuals, and their states. Some of the countries that have passed cyber resilience initiatives include:
Australia has both state and federal laws against hacking. It also requires organizations to take reasonable action to prevent, mitigate, and manage cybersecurity incidents.
Bulgaria published a National Cyber Security Strategy to be cyber resilient by 2020.
The United States has both federal and state laws to ensure the protection of data and critical infrastructure. California has many privacy laws, including the recently passed California Consumer Privacy Act, and has begun enforcing it following a six-month pandemic delay. An example of a federal cybersecurity law that protects privacy is the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996. The Federal Government is currently debating whether to provide grants to states to help enhance their cyber resiliency.
Here is an interesting site about the status of cybersecurity legislation across the United States.
The United Kingdom participates in European Union cyber resilience strategies such as General Data Protection and Regulation laws. It also has organizations such as the Cyber Resilience Alliance that focus on cybersecurity in the UK, with the goal of helping it become “one of the most secure, capable, and cyber resilient countries in the world.”
Cybersecurity is the protection of computer systems and endpoints from theft or damage. It can apply to closed systems, but is most often used to refer to the protection of internet-connected devices and networks, often referred to as “the internet of things” (IoT). Good cybersecurity is an essential element of cyber resilience. Cybersecurity protects information collected from employees, vendors, and customers; critical infrastructure and processes; and the intellectual property upon which the business is built.
Cyber resiliency enables organizations to secure the business, reduce exposure time to cyberthreats, and reduce the impact of attacks to help ensure continued sustainability.
Enterprise cyber risk is financial, reputational, or liability risk that arises from the misuse of data or systems, or from the exploitation of users.
What is a cyber attack?
A cyberattack is a subset of cyber risk, and is a broad term with multiple definitions. In general, it is an attempt to steal, alter, or destroy personal data or intellectual property. It can also interfere with critical functionality (such as a denial of service attack) in order to damage a business’s ability to function. Targets can include computer information systems, computer infrastructure, computer networks, and even personal computing devices.
The first step in a cyberattack is to gain access to the targeted system. This can be done online through techniques such as “phishing” or “spoofing.” But no method is off the table for an attacker. Phone calls asking for your personally identifiable information (PII) and even stealing access badges to gain illicit entry to buildings are some of the ways that attackers can gain the necessary information to begin their assault.
Who performs cyber attacks?
“Threat actor” is the name given to cyber attackers. Threat actors can be individuals, groups, organizations, or even nation states. Sometimes they will attack because there is an opportunity, and sometimes they have very specific, targeted reasons.
Individual threat actors are often called hackers, and can have very different motivations. “Black hat” hackers have malicious intent – stealing, destroying, and moving through computer systems without the owner’s permission. “White hats,” on the other hand, work with system owners against black hats to protect systems and data from theft, destruction, or even ransom. Of course, there are “gray hats” as well. They act as mercenaries for groups that pay them for their cyber-skills.