ALCiT

What is Cyber Resilience?

Written by Loïc Calvez | May 30, 2023 1:51:33 PM

According to Wikipedia: Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite cyber attacks. Resilience to cyber attacks is essential to IT systems, critical infrastructure, business processes, organizations, societies, and nation-states.

In other words, Cyber Resilience is about putting in place the people, process, and technology to minimize the impact of a cyber attack and to be able to operate afterward.

Let’s be much more specific and tie this back to the Five Functions of NIST:

  • Identify: In order to continue operating, you must understand the data and systems you need to do so. Make a list, identify the dependencies, and categorize the risks. You should also take this opportunity to identify your third-party risks (who are your critical suppliers and service providers).
  • Protect: Your next action items are to prevent and defend. Leverage multiple layers of defenses, and use Zero Trust as your guide. Reduce your attack surface and deploy tools to improve your defenses. Getting rid of data you don’t need is also a good passive defense that can save you some pain later.
  • Detect: Now that you know what you have and are defending it, you need to monitor all that is happening all the time (24/7, for real). This is important for two reasons: first, effectiveness (you have limited resources, so make sure your efforts are applied to the right place and are paying off); second, speed: the sooner you know you have an issue, the less damage you will have to remediate.
  • Respond: This is where having a formal, practiced Cybersecurity Incident Response Plan (CIRP) is critical. This will speed up the response, clarify who can make what decision, and allow you to learn and update the plan for the next time (yes, there will be a next time).
  • Recover: We always wish we never have to use the fifth function, but this is another one where being prepared is key. Do you have a Business Continuity Plan? Has it been tested? Do you have the data you require to keep operating? Is it in an immutable storage location to ensure it cannot get destroyed?

And this brings us to the sixth function (of five!): continuous improvement. Cyber Resilience is not something you do once; it’s something you do all the time. Everything is evolving faster: what was critical to operate your business 3 months ago may have changed, the tools to defend it have also evolved and, unfortunately, new attack methods have been discovered.

Hopefully by now, it is clear that you need Cyber Resilience. You have two main options. The first is to do it yourself: you do the research, you buy the tools, you configure them, you train the people, you watch the logs, you respond, and you make sure you can do this 24/7 even when people are busy, go on vacation or get sick. The other option is a Managed Cyber Resilience service: your service provider does the heavy lifting for you, you get peace of mind and you can focus on your core business.

You have questions? You want a chat with a cybersecurity expert? ALCiT can help you with option 1 or option 2 (and everything in between). Click here to schedule a quick intro meeting and see if you qualify for a free 30 min session with a cybersecurity expert.