In times of global crisis, some people always seem to show just how bad humans can be. Many hackers have seen the COVID-19 pandemic as a major opportunity to launch a whole series of new cyber attacks – especially in the healthcare sector. It has gotten so bad that the IRS in the US has had to issue warnings about Coronavirus-related scams. These despicable acts are showing just how important cyber resilience is to enterprises. This blog looks at how to go about establishing a cyber resilience strategy and building your enterprise-grade cyber resilience framework.
It seems like we’ve lived with phishing emails for years, to the point where we’re surprised that people still fall for them. But fall they do. In OpenText™ Webroot’s Hook, Line and Sinker report, 56% of Australians said they could spot a phishing email. Yet almost 50% said they had still clicked on a link! It should be easy to spot a Nigerian prince from a mile away, but it still isn’t. It’s a completely different prospect for a businessman who’s desperate to know if they qualify for a Stimulus loan.
We know that these attacks are going to grow in both volume and severity. As we mentioned in a previous blog – what is cyber resilience – it’s not if you’ll be attacked but when. It’s also not just about keeping attackers out; it’s about being able to recover and survive when they get in.
What is cyber resilience?
There is often some confusion between cyber security and cyber resilience. It is possible to think of the difference as:
- Cyber security is the state of protecting your network, endpoints, users – and the data and information it holds – from attack by deploying policies, procedures and technology tools to identify risk and protect your assets.
- Cyber resilience accepts that you can’t stop every attack and that some will succeed no matter how prepared your defenses. Instead, it covers the ability to detect and address an attack once it’s penetrated your network perimeter, as well as everything required to return you to ‘business as usual’ as quickly and painlessly as possible.
This cyber resilience definition encompasses a whole suite of policies, methods and solutions to ensure it’s possible for an enterprise to identify, respond to and recover from a cyber attack while it keeps operating and serving customers. In addition, it covers how effectively a business can get back on its feet and how well it learns the lessons from each incident.
So why is cyber resilience important? In August 2018, the American Medical Collection Agency had its network breached. The organization discovered the breach in March 2019. According to the Ponemon Institute, it takes on average almost a year to discover and fix a breach – at a cost of almost $4 million. For smaller companies, the breach is often fatal.
Many companies are now beginning to develop a cyber resilience framework – sometimes called a cyber security resilience framework – as a means to drive cyber resilience through the organization.
Building cyber resilience frameworks
Cyber resilience frameworks are designed to create end-to-end security approaches that are comprehensive, cost-effective, flexible, and performance-based. Encompassing a series of cyber resilience best practices, methods and procedures, the cyber resilience framework provides visibility into the current security situation, identifies the optimum security environment, charts continuous improvement, and assesses progress towards these goals.
According to continuitycentral.com, there are five key components of a cyber resilience framework:
The first component of a cyber resilience framework is developing an enterprise-wide understanding of how to manage cyber security risks to systems, assets, devices, data and people. This enables you to establish a cyber security and resilience policy framework that sets out the business context and cyber security risks so you can focus on delivering your business needs, ensuring compliance and mitigating risk.
The next step within the cyber resilience framework involves developing and implementing suitable safeguards to make sure that the delivery of information is achieved securely and successfully. This really covers many of the functions contained in traditional cyber security, using technology tools to limit and control secure access to digital assets and systems to prevent any breaches.
The detect component covers the function, necessary for cyber security and resilience, of identifying all cyber attacks and risks promptly. The focus of this part of the cyber resilience framework is to recognize suspicious activities wherever and whenever they occur on the network and quickly assess their likely effect on your business. This component of the framework includes detection processes, continuous monitoring, and anomalies and events reporting.
The objective of this component of the cyber resilience framework is to develop suitable sets of actions to be carried out when a cyber attack is detected or the first line of defences is breached. There are five key areas to the ability to respond effectively: response planning, communications, analysis, mitigation, and improvements. In many of the more advanced cyber resilience solutions, AI-assisted analytics are used to capture all breach data and help you plan to react more quickly and appropriately to similar attacks in the future. It enables you to establish cyber resilience metrics to clearly understand how you’re performing and where adjustments can be made.
This final component in a cyber resilience framework is designed to help develop and implement strategies and activities to maintain business continuity. This will include restoring services or capabilities damaged by a breach, as well as the steps necessary to make available the information and data required to revert to normal business operations.
Selecting a Cyber Resilience service provider for your enterprise
It should be clear that cyber resilience is a complex area that requires many different methodologies and tools in order to achieve full resilience of business operations. For that reason, many organizations are now turning to cyber resilience service providers. Most providers offer a comprehensive portfolio of cyber resilience services based around cyber resilience best practices and industry experience. The service provider that you choose should be able to demonstrate its own cyber resilience framework. It is always recommended that you ask for cyber resilience examples of where it has been successful in the past.
Visit our website to find out more about cyber resilience and other information security solutions from OpenText.