What is Cyber Resilience?

Preventing cyber-attacks requires a multi-focused cyber-security practice, which is why many organizations have begun building cyber security resilience. This raises the question: what is cyber resilience? It is focused on identifying an attack and recovering before it can affect the operation of key business services or outcomes.

The key term is resilience, which is being used more frequently in IT. Resilience focuses on the ability to bounce back or defend rather than prevent. The idea is to predict and mitigate the cause of incidents before they occur, so the reaction is automated and instant, preventing them from interrupting service operation. Cyber security resiliency leverages the concept of automated and immediate response to security incidents. To be effective, both cyber-security and cyber-resilience are needed as they focus on different activities, providing a more robust cyber security strategy.

Cyber Security vs Cyber Resilience

Resilience in cyber security comes from combining the two disciplines of cyber security and cyber resilience, but understanding the differences helps an organization build a robust cyber security program. Cyber security is focused on preventing attacks by closing all potential gaps hackers might use to gain access to a system. In contrast, cyber resiliency is focused on the response to that attack.

Understanding and practising both significantly increases the organization’s success in defence against cyber-attacks, especially if the knowledge gained along the way is fed back into the process.

The two approaches can be compared at a high level as shown below:

Cyber Security: PROTECT

  • Identifying new/known vulnerabilities
  • Scanning for vulnerabilities
  • Patching & prevention

Cyber Resiliency: DEFEND

  • Scanning and monitoring
  • Response playbooks
  • Automated security incident response

Cyber security and resilience are practices that need to be developed, documented, and implemented as part of an overarching cyber security strategy to protect sensitive data and systems from unwanted intrusion.

Cyber security is frequently termed “vulnerability management” because its primary concern is learning about known vulnerabilities (NIST publishes a threat list) that can be leveraged to gain access to an organization’s computing environment. Vulnerability scanning tools report back the computing components that are at risk, and, using service mapping information from the CMDB, the organization can prioritize and address each of them. This component of a cyber security resiliency program is time-consuming and never-ending, as new vulnerabilities will be discovered and exploited every time equipment, firmware and software are upgraded or introduced.

Cyber Resilience

While vulnerability management is important, organizations realize they cannot be successful with vulnerability management alone.

Security incident management is also important, but for too many organizations the response is too slow, resulting in breaches. Cyber resiliency focuses on these efforts, looking for ways to detect breaches and cut them off before they can damage the operational environment or steal confidential information. In the volatile and uncertain world of computing, cyber resiliency is an important part of an overarching business continuity program. Cyber resiliency efforts can be multi-disciplined, working to identify, contain and remove the threat. For example, a phishing attack sent through email, once detected, can be contained by removing the offending email from the email system and people’s inboxes, then eradicated by cleansing the system of any trace code that has been installed.

Cyber security resilience is a risk-based practice that has both proactive and reactive elements. The proactive resilience activities include performing a risk assessment of infrastructure and applications and determining how well they are protected, as well as identifying the ways in which a hacker might gain access or the types of attacks to expect. Next would be to mitigate that risk through the cyber security program but also to document the instructions for containing and eradicating the potential attack should one occur. This is known as a security runbook. Defining and automating security runbooks is a key activity in this practice.

Why is Cyber Resiliency Important?

It protects companies’ assets and individual data, both of which have become increasingly important as business goes digital. The growth of the cloud and Internet business has created two primary markets that encourage cyber-attack:

  1. The growing threat of ransomware attacks and the ability to steal and resell data. Companies pay off hackers to regain access to their computing environment and data.
  2. With the market available to profit from cyber theft, cyber security resilience becomes a more important tool to keep businesses safe.

This is at a high level, but resilience plans are also important because they protect a company’s revenue stream, ability to conduct business and reputation. Data breaches, particularly those that end up in the theft of personal data, damage the company’s reputation and its ability to grow its Internet business. Cybercrime has even risen to the level of governments attacking other governments, raising the bar for protecting government processes such as voting and for ensuring the protection of publicly operated water and power facilities. With the stakes so high, cyber security resilience programs are at the heart of protecting data and operations.

The rise of IoT devices and self-driving cars also raises significant questions about cyber security resilience as we begin to trust our homes and safety to digital technology. The idea of a hacker unlocking doors to gain entry, or hacking into a car’s navigation and driving systems, makes these technologies very unsettling to people, and cyber security resilience programs are important to gain their confidence.

Components of Cyber Resilience

A robust cyber security resilience program is an ongoing, closed-loop process in which the vulnerability management process takes steps to protect the environment by identifying new and known vulnerabilities, scanning the environment to see which apply, and patching or taking other steps to prevent them. As part of a cyber security resilience program, the protection process also includes installing endpoint attack prevention and identity and access management tools to further protect the environment.

Cyber resiliency then picks up the burden of defending the environment: monitoring for intrusive patterns of behaviour and reacting, detecting any potential impacts on applications and data and addressing them, essentially by applying pre-documented security runbooks and automated security incident responses.

NIST has published a free cyber risk resilience framework that is worth understanding in full and using as a guide to develop a cyber security resilience program. There are three main components to the cyber security resilience framework: Framework Core, Implementation Tiers and Profiles.

The Framework Core is the heart of the framework and consists of the following outcomes:

Identify: Know the potential vulnerabilities and which affected components or applications are in use in the organization.

Protect: Take steps to mitigate these risks: change passwords, patch systems, install endpoint protection and virus/email protection software.

Detect: Use a robust monitoring program equipped with an understanding of attack vectors and behaviour patterns associated with known types of attack.

Respond: Have an automated response or playbook available to immediately respond to potential attacks, as well as security incident management playbooks to help address them.

Recover: Recover the affected systems through redundancy and failover, restoration of backups and other steps to restore the operational environment.

Implementation Tiers evaluate application risk and the level of response to be implemented, based on the risk and the likelihood of an attack occurring:

  • Tier 1: Partial
  • Tier 2: Risk-Informed
  • Tier 3: Repeatable
  • Tier 4: Adaptive

Profiles are a way to plan the cyber security resilience program by creating a current profile of the organization’s business objectives, the threat environment, and the requirements and controls needed to mitigate risk. A cyber security resilience profile can be built for the current state and the desired future state, enabling the organization to document a starting point and goal, then put together a program to achieve the desired end state.

The Implementation Tiers can be used when building resilience profiles, as not every application or website requires the same level of diligence. Building a resilience profile for each application, and assigning it an implementation tier along with a mitigation approach, enables the organization to take the steps needed in its resilience program.

Understanding common mistakes made when implementing a cyber security resilience program, along with cyber-resilience best practices, can help avoid missteps during implementation.

Cyber Resilience Mistakes

  • Lack of strategy
  • Protecting everything
  • Relying on insiders only
  • Keeping efforts too quiet
  • Lack of a resilience mindset

The biggest mistake an organization can make is not having a cyber security resilience strategy. An initiative of this size takes planning, funding, and executive support, all of which are part of that strategy.

Another common mistake is protecting everything completely or going too big too fast. As NIST makes clear with Implementation Tiers, not every application is as critical to protect: if there is no private data and it’s not a business-critical application, Tier 2 – Risk-Informed may be sufficient, versus a business-to-consumer website that holds PII (personal identifying information) and credit card data.

Companies also make the mistake of doing all their penetration testing and evaluations by themselves. An outside set of eyes by a cyber-resilience expert can help find vulnerabilities an insider will miss. In conjunction with this, many security organizations operate in a vacuum, not involving every part of IT in their efforts. This results in a lack of buy-in from those other departments.

Operation in a silo prevents the entire organization from building a resilience mindset throughout all of IT and the end-user population. This defeats the purpose of having a program in two ways: end-users don’t understand the criticality of paying attention to communications that are designed to protect the organization, and IT teams treat security vulnerability management as an afterthought.

Cyber Resilience Best Practices

Understanding cyber-resilience best practices is as important as avoiding these mistakes.

  • Develop the Cyber Resilience Strategy
  • Implement Governance
  • Obtain external audits and penetration testing
  • Rely on appropriate tools and practices

Engaging key stakeholders and building the organization’s cyber security resilience strategy is a critical best practice. The strategy will set the vision and objectives for the program and can be used to develop key performance indicators for measurement throughout the program’s life.

Next, use those key stakeholders as the base of an outreach program, so the entire organization is focused on a cyber resilience program. This ensures that end-users understand the security-focused training and communication programs they receive and embeds a cyber resilience mindset in the general population. IT needs to build and implement programs with cyber security in mind, not address it later as an afterthought.

Once this foundation is in place, a governance program based on risk management is needed. The NIST framework components offer a solid base for this program. This should also be aligned with other corporate governance programs.

Using the NIST profile concept, the next step is to understand the current state of the cyber resiliency effort and the desired future state for each application. The current-state assessment is where third parties come into play, providing an independent assessment and penetration testing. Having an outside security expert attempt to break in is considered a cyber resilience best practice.

Part of the cyber resilience best practice program involves implementing the monitoring and vulnerability management tools needed to support the organization’s efforts. To do this, the organization needs to have a relatively mature asset and configuration management program. This enables the following capabilities:

  • Ability to scan and detect known vulnerabilities that are present in the enterprise
  • Identification of the applications that could be affected
  • Effective prioritization of the work needed to be done to protect the environments
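The three capabilities above come together in one operation: joining scanner findings to the CMDB service map, assigning each service an Implementation Tier, and ranking the work. The following is an added illustration, not code from the page or from CG Technologies; the hosts, findings, CVSS scores, the Tier 3/4 assignment and the CVSS-times-tier weighting are all constructed assumptions, and a host missing from the CMDB is surfaced as an inventory gap rather than silently ranked last.

```python
# Constructed CMDB service map (assumption): host -> (service, handles_pii, business_critical)
CMDB = {
    "web-01":   ("customer-portal", True,  True),
    "db-02":    ("customer-portal", True,  True),
    "wiki-01":  ("internal-wiki",   False, False),
    "build-03": ("ci-runner",       False, True),
}

# Constructed scanner output (assumption): (host, finding_id, cvss_base_score)
SCAN_RESULTS = [
    ("web-01",    "FINDING-A", 9.8),
    ("wiki-01",   "FINDING-B", 9.8),
    ("db-02",     "FINDING-C", 5.3),
    ("build-03",  "FINDING-D", 7.5),
    ("legacy-09", "FINDING-E", 4.0),  # host missing from the CMDB
]


def implementation_tier(handles_pii, business_critical):
    """Map an application's data and criticality to a NIST Implementation Tier.
    Page's rule of thumb: no private data and not business-critical -> Tier 2.
    Assigning Tier 3/4 for PII or business-critical systems is an assumption."""
    if handles_pii and business_critical:
        return 4  # Adaptive
    if handles_pii or business_critical:
        return 3  # Repeatable
    return 2      # Risk-Informed


def prioritize(scan_results, cmdb):
    """Return (ranked findings, unmapped findings).
    Priority = CVSS x tier (assumed weighting), so a medium finding on a PII
    service can outrank a critical one on a non-critical wiki. Hosts absent
    from the CMDB cannot be tiered: they are an inventory gap, returned apart."""
    ranked, unmapped = [], []
    for host, finding, cvss in scan_results:
        if host not in cmdb:
            unmapped.append({"host": host, "finding": finding, "cvss": cvss})
            continue
        service, pii, critical = cmdb[host]
        tier = implementation_tier(pii, critical)
        ranked.append({"host": host, "finding": finding, "service": service,
                       "tier": tier, "cvss": cvss, "priority": round(cvss * tier, 1)})
    ranked.sort(key=lambda r: (r["priority"], r["cvss"]), reverse=True)
    return ranked, unmapped


RANKED, UNMAPPED = prioritize(SCAN_RESULTS, CMDB)  # FINDING-A ranks first; FINDING-E is an inventory gap
```

With these inputs the critical finding on the throwaway wiki (FINDING-B) ranks below the medium finding on the PII database (FINDING-C), which is the point of prioritizing by service rather than by raw scanner severity.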

In an effort of this size, relying on cyber-resilience best practices to avoid the most common pitfalls ensures the organization can become resilient. The key to cyber resilience is to understand that we live in a VUCA (volatile, uncertain, complex and ambiguous) world and to develop a set of practices that enable the organization to act quickly and effectively.

CG Technologies can work with you to assess your IT networks for vulnerabilities and offers a range of network security and ransomware protection services. Contact us to learn more.