As part of last month’s Cybersecurity Awareness Month, I was traveling around the globe to provide organizations actionable tips on how to strengthen their cybersecurity posture and allow for accelerated recovery from cyberattacks. Through my conversations with hundreds of analysts, system integrators, and security professionals one thing became apparent – many of them understand that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a data breach. This means that instead of primarily focusing efforts on keeping threat actors out of the network, it’s equally important to develop a strategy to reduce the impact. In turn, many organizations have started adopting a new strategy to cope with today’s increased cyber threats, which is called ‘cyber resilience’.
But what exactly is cyber resilience and how does it compare to traditional cybersecurity practices?
According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure that an adverse cyber event (intentional or unintentional, e.g., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.
Cybersecurity vs. Cyber Resilience
Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyberattacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience initiatives leverage or enhance a variety of cybersecurity measures. Both are most effective when applied in concert.
More and more cyber risk and security management frameworks are adopting the concept of cyber resilience (e.g., the Department of Homeland Security’s Cyber Resilience Review (CRR) or the National Institute of Standards and Technology (NIST) Special Publication 800-160 Volume 2). Furthermore, leading analyst firms like Gartner are advising clients to shift their cybersecurity priorities from defensive strategies to the management of disruption through resilience to make a real difference to the impact of cybersecurity incidents.
Benefits of Cyber Resilience
A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack, such as:
• Enhanced Security Posture: Cyber resilience not only helps with responding to and surviving an attack. It can also help an organization develop strategies to improve IT governance, improve security across critical assets, expand data protection efforts, and minimize human error.
• Reduced Financial Loss: According to the IBM Cost of a Data Breach Report 2022, the average cost of a data breach is now $4.35 million globally. In addition to financial costs, the reputational impact of data breaches is increasing due to the introduction of general data protection laws and stringent data breach notification requirements. Cyber resilience can help minimize recovery costs by accelerating time-to-remediation.
• Improved Compliance Posture: Many industry standards, government regulations, and data privacy laws nowadays promote cyber resilience.
• Enhanced IT Productivity: One of the understated benefits of cyber resilience is its ability to improve daily IT operations, including threat response and ensuring day-to-day operations run smoothly.
• Heightened Customer Trust: Implementing a cyber resilience strategy helps improve trust as it enhances the chances of responding to and surviving a cyberattack, minimizing the negative impact on an organization’s customer relationships.
• Increased Competitive Edge: Cyber resilience provides organizations a competitive advantage over companies without it.
Both the range of cyber resources within an organization (e.g., networks, data, workloads, devices, and people) and the threats to which they are susceptible will determine what steps are needed to achieve cyber resilience. As a result, cyber resilience measures should be implemented based on an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers are commonly applying when exploiting their victims.
For instance, endpoints are often used as an access point for hackers and cybercriminals to launch attacks that could infect an organization’s entire network or function as a beachhead to laterally move within the network. In fact, a Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.
Despite widespread attempts to secure endpoints, this finding suggests that security has been rapidly eroding in today’s work-from-anywhere environment and therefore requires Endpoint Resilience, which is just one flavor of cyber resilience. Endpoint Resilience enables organizations to always know where their endpoints are, apply deep security control, and take defensive actions on those devices, which includes repairing protective security applications if they’re disabled, altered, or otherwise compromised.
When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software. The goal of cyber resilience is to aggressively protect the entire enterprise, covering all available cyber resources.
Torsten George is currently a cyber security evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).