Cyber Resilience Key to Withstanding Surging Threats

The numbers paint a disturbing picture of the current state of cybercrime. During one average day in 2023, researchers say, the world can expect to see:

  • 3.4 billion phishing emails
  • 300,000 malware infections
  • 22,500 distributed denial of service attacks
  • 2,328 data breaches

Faced with this relentless onslaught, organizations have had to accept that it is no longer possible to prevent every attack. Instead, more are making the philosophical shift to cyber resilience — a bend-but-don’t-break approach focused on identifying, disrupting and recovering from attacks that slip past traditional defenses.

Limit the Damage
Conventional preventive measures such as firewalls, antivirus and intrusion detection remain essential, but cyber resilience is a broader concept incorporating business continuity, risk management and incident response. The idea is to ensure your ability to respond quickly and decisively to an ongoing attack in order to limit disruptions and sustain operations.

Developing and practicing cyber resilience is a challenging process, however. Every company has unique security and operational requirements, and there are countless potential threats, solutions and contingencies to take into consideration. As with most organization-wide technology initiatives, first attempts aren’t always entirely successful.

In a recent survey of senior security and risk leaders at U.S., U.K. and German enterprises with at least 1,000 employees, Osterman Research found that 86 percent have implemented a cyber resilience program. However, 52 percent said their organization lacks a comprehensive approach to assessing resilience. Analysts say the results indicate that although companies are prioritizing cyber resilience, their current programs and training are ineffective.

Establish a Framework
Researchers concluded that initiatives often miss the mark because companies haven’t established a framework to quantify and demonstrate resilience. As a result, companies can’t reliably track and measure incident response times, threat types, intrusion rates and other key metrics related to resilience.

The National Institute of Standards and Technology (NIST), the Mitre Corporation and numerous other cybersecurity agencies, associations and standards groups have developed several frameworks to guide organizations in the transition to cyber resilience. Most include these six key components:

  1. Identify. Organizations must identify all critical hardware, software, data and processes, and how they support essential business functions in order to develop a risk management strategy.
  2. Protect. In this stage, organizations implement access controls, identity management, data protection and other key security measures that create an essential first line of defense.
  3. Detect. To ensure the timely identification and mitigation of cybersecurity events, organizations should implement advanced analytics, active monitoring tools and enhanced threat intelligence capabilities.
  4. Respond. Organizations need a formal incident response plan that outlines how they will react to a threat or attack. The plan should describe technical requirements for containing and eradicating threats as well as business requirements for maintaining operations even while an attack is in progress.
  5. Recover. In this stage, organizations identify steps necessary to resume normal operations, including restoring data from backups, rebuilding or updating critical applications, and restoring or replacing affected hardware.
  6. Adapt. Following the attack, organizations should document and analyze the incident to improve preparation for subsequent threats. Evaluating response to the threat enables IT teams to identify any improvements that could reduce the risk of similar attacks.

Cybersecurity measures have traditionally focused almost exclusively on prevention. While that remains a crucial capability, it has become clear that no security controls are 100 percent effective against increasingly sophisticated and frequent threats. Verteks can help you develop and implement a cyber resilience framework that will enhance your ability to withstand and recover from attacks that slip past more conventional measures.

