Padlock / code / hacking

Cyber resilience: what is it and why is it important?

Cybersecurity is a never-ending cat-and-mouse chase. As soon as professionals develop a new protective measure, hackers and cybercriminals will undoubtedly come up with a countermeasure, which will force the former to create counters to those countermeasures. It has been like this since the 1800s and will continue to be the case in the following decades.

That’s why enterprises are spending millions on improving their cybersecurity. A recent report by McKinsey estimated total spending to breach the USD$100-billion mark by 2025, with 85% of small and medium enterprises (SMEs) increasing their IT budgets. In this day and age, they want to be cyber-resilient, capable of doing business amid today’s evolving cyber threats.

Cyber resilience will be a talking point in the years to come. Here’s a close look into what it is and why it has become more crucial.

Improvise, adapt, overcome

The National Institute of Standards and Technology (NIST) defines cyber resilience (or cyber resiliency, as they call it) as follows:

The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources (NIST Special Publication 800-160 Vol. 2, Revision 1, 2021).

While it goes by other names among business leaders, the definition is more or less analogous. Cyber resilience is the ability to shrug off data breaches and other attacks and recover or even adapt to them should they recur. Amid these attacks, businesses and organizations should still be capable of delivering quality goods and services.

One of the biggest reasons for the rise of cyber resilience is that experts believe the defending team is losing against the attacking one. The McKinsey study confirmed that the current cybersecurity doctrine has barely kept up with technological advances. Any cybersecurity changes a business employs will likely face against cybercriminals using next-gen tech.

In light of this, businesses will have to “improvise, adapt, and overcome.” For instance, COVID-19 has forced many businesses to digitize everything from supply to item delivery. But since this digital transformation risks being a target for cyberattacks, they also developed contingency plans for such an event.

The combination of investing in state-of-the-art solutions like Azure backup systems and drafting action plans in the event of a breach makes for a cyber-resilient business. Its advantages include:

  • Mitigating the risk of debilitating financial losses
  • Complying with local and national data privacy laws
  • Streamlining internal processes for further cost reduction
  • Maintaining a positive reputation and consumer trust

Elements of cyber resilience

Cyber resilience models vary throughout the cybersecurity industry. However, they mostly share the same four fundamentals: protection, detection, response, and assurance. The number of steps necessary to achieve resilience depends on the business or organization’s needs.

Protection

Traditional cybersecurity doctrines rely on having a robust system in place, and it’s no different in cyber resilience. Some activities in this phase involve investing in software and suites for malware protection, data encryption, network and communication security, and systems security.

This phase also warrants training people to operate these systems and laying down policies for responding to various threats. No matter how advanced, a cybersecurity infrastructure won’t be effective in the hands of users who lack the necessary skills.

Detection

Contrary to what TV shows and movies portray, most attacks don’t happen in seconds or minutes. According to IBM’s latest Cost of a Data Breach report, detecting a breach and containing it takes more than nine months on average. Without keeping a close eye on a malicious entity in the system, it’ll be near impossible to plug the hole it made.

The second phase of building a cyber-resilient business requires real-time monitoring. If doctors often say prevention is better than cure, cybersecurity experts say being aware of a potential threat is better than repairing the damage it causes later.

Keep in mind that this phase not only involves detecting the threat through the software. Personnel will also have to gather more information on the threat from external sources such as audit logs and other documents.

Response

Despite much preparation in the first two phases, some attacks will inevitably get through and wreak havoc. Researchers at the University of Maryland reveal that a cyberattack takes place once every 39 seconds, with a one-in-four chance of success. By comparison, the chances of a thief breaking into someone’s house is one in 50.

Businesses and organizations would want to get back on their feet as soon as possible. In this case, the best response would be to have an adequate incident response management plan. This document should contain the appropriate measures and, more importantly, the time required to get them done without interrupting business activity too much.

Assurance

One of the most prevalent myths about cybersecurity is that it’s the IT department’s problem. But if an employee accesses a rather suspicious link in an email or has negligently exposed his or her login credentials, will the IT team be fully liable for failing to prevent the subsequent data loss? It’s not difficult to see that cybersecurity is everyone’s responsibility from the top down.

Any company-wide response to a cyberattack must have the approval and support of the upper echelons of management, notably up to the board level. It also must have defined criteria for holding the right personnel accountable for any untoward incidents, not just those who deal with cybersecurity every day.

Takeaway

Many industry experts have called for the existing doctrine to shift from cyber security to cyber resilience. Business and organization leaders have to admit that stuffing their infrastructure with cutting-edge cybersecurity tech is no longer enough. Cybercriminals will find exploits and other workarounds—and when they do, the price to pay is steep.

Cyber resilience combines technology and awareness to create more robust protection against attacks. They may find a way into the system, but cyber resilience can ensure the business or organization bounces back and learns from the experience. There may come a day when the defenders turn the tables and go on the offense against cybercrime.

Share This