Many crisis management teams, cybersecurity professionals and business leaders have dealt with cyberthreats incorrectly.
Standard measures mainly fortify perimeter defenses — but what happens when a single bad actor slips past? Cyber resilience is the solution.
Unlike typical cybersecurity measures, a mindset of cyber resilience prioritizes timely incident response and rapid recovery. If an organization strategically implements the techniques in this article, it can improve its network’s resilience to cyberattacks, minimizing losses and maximizing uptime.
The Importance of Cyber Resilience
Organizations rely on their networks and equipment for everyday operations. Since these functions are critical, they must not only be defended from external threats but also be resilient in case those defenses fail.
Business Continuity
Minimizing cyberattack-induced interruptions is crucial. For nine in 10 midsize and large enterprises, unplanned downtime costs more than $300,000 per hour on average. Cyber resiliency ensures critical components continue functioning even when parts of the network are compromised.
Unnecessary expenses aren’t the only losses organizations face when networks go down — productivity drops, too. During downtime, no one can get work done effectively. When the network is back up, employees take 23 minutes on average to regain focus.
Crisis Management
How a firm handles a crisis influences shareholder confidence and customer perception, so swift incident response is essential. Once leaders acknowledge breaches and cyberattacks will still occur despite stringent security measures, they can enhance crisis management to preserve their reputation and financial status.
Data Exchange
Cybercriminals can intercept communications to exfiltrate sensitive data or interrupt network operations in exchange for a ransom. With unauthorized access, they can cause substantial damage to private and public sectors.
Efficient, safe data exchange is critical for companies, critical infrastructure operators, emergency responders and the general public. Cyber resilience helps ensure customer and corporate data remains secure and private.
The Case for Cyber Resilience Over Cybersecurity
According to the European Network and Information Security Agency, although most carrier-class network equipment is designed to operate on the basis of five nines — meaning at 99.999% availability — failures can and do still occur. This fact is especially true when bad actors are involved. They can compromise even the most reliable component.
Cybercriminals have outpaced information technology (IT) teams’ defenses for years, taking advantage of increasingly subtle weak points and creative exploits. Advances like artificial intelligence and ransomware-as-a-service have made cybercriminality more accessible than ever — bad actors no longer need to be skilled to be successful.
As networks grow more interconnected, there is an increasing lack of visibility. Cybercriminals can infiltrate via any number of attack vectors. With the help of third-party insider threats, they can penetrate even the most secure systems.
The average cybersecurity spend has increased exponentially. According to experts, it will reach $26 per employee by 2028 — a 420% increase from $5 in 2018. Despite investments growing, cybercrime has not slowed. Various high-profile cyberattacks have demonstrated the industry-wide focus on security is no longer working.
The problem with cybersecurity is that its goal is keeping networks free from cyberthreats — a good, but virtually impossible, mission. Cyber resilience is different. It operates on the assumption that breaches are inevitable, focusing instead on withstanding and recovering from incidents.
When the goal is to shorten the attack life cycle and maintain business continuity instead of fortifying defenses to keep threats out, cybersecurity incidents can do less damage. It also lessens the chance they intercept or exfiltrate sensitive messages, protecting customer and company data from being sold on the dark web.
Techniques for Improving Cyber Resilience
Business leaders, cybersecurity professionals and crisis management teams in IT operations should use these techniques to improve cyber resilience.
1. Deploy End-to-End Encryption Measures
Data-centric cyber resilience focuses on the information being created, transmitted and received via interconnected networks. There is no guarantee cybersecurity measures will keep out 100% of attackers, so the IT team’s focus should be on damage control. Leveraging end-to-end encryption for communications makes any stolen data virtually worthless.
2. Leverage Out-of-Band Communication
Redundancy is critical for business continuity. Components within the core network should always have internal redundancies. Additionally, multiple elements should be at critical locations to enable switching or routing. This way, they can carry traffic when necessary.
An out-of-band (OOB) communication solution is ideal. It provides an alternative method to use when primary communication channels are compromised or down. Since it’s physically separate from the primary network, it offers resilience to network changes and cyberattacks.
3. Conduct Continuous Threat Hunting
Threat hunting helps organizations identify and counter cyberthreats that would otherwise go undetected. It is time-consuming — and may not turn up much for extended periods — but the hours spent scanning are worth it for threat containment and timely incident response.
4. Lure Cybercriminals Into Honeypots
Following the logic of cyber resilience — the assumption that attackers have already infiltrated networks — creating a decoy is the ideal strategy. A honeypot is a replica network or sacrificial system that lures and traps bad actors.
In addition to safeguarding sensitive components, it contains threats. Best of all, professionals can learn to defend against novel attack techniques.
Tips for Effectively Utilizing These Techniques
Professionals can improve the effectiveness of incident response with these methods.
1. Conduct Training Exercises Regularly
A cyber resilience strategy is only complete with practice. Regular training and equipment testing can markedly improve interoperability, ensuring an effective, timely response during emergencies. Brands can simulate cyberattacks or conduct penetration testing to determine areas of opportunity within incident response.
2. Isolate and Test the OOB Network
An OOB solution should provide voice, email and chat capabilities. For internal networks, file storage and mass one-way communication features are ideal. This way, professionals don’t have to worry about bad actors intercepting sensitive messages during incident response.
During deployment, IT teams should ensure this secondary channel is completely isolated from their in-band network. Even a single dependency could make remediation impossible.
Leaders should ensure their OOB solution is set up and tested before a cybersecurity incident occurs. As a result, the length of unplanned downtime will go from hours to minutes when the primary channel is — or is suspected to be — compromised.
3. Deploy Autonomous Automation Tools
According to one report, human error was responsible for 64% of all cybersecurity incidents from 2021 to 2023. Since cyber resilience aims to recover quickly from cyberattacks, causing security issues is obviously undesirable. Automating continuous monitoring or threat detection with autonomous or intelligent technology — like machine learning, for example — ensures an adaptive, dynamic incident response, helping organizations better secure multiple linked communication channels.
Cyberthreat Sophistication Will Inevitably Increase
As technology progresses, cyberthreats will become increasingly sophisticated. With AI, they may even become entirely automated. While companies shouldn’t forgo cybersecurity altogether, improving incident response and recovery by embracing a mindset of cyber resilience will help mitigate damage from breaches and attacks.
Leave A Comment
You must be logged in to post a comment.