Cyber Resilience:
How to plan for the unknown
Cyber resilience gets businesses to prepare for, respond to, and recover from cyber threats. This gives a company the ability to adapt to known and unknown events, threats, and challenges that may arise in any given moment.
For it to work you want your IT and security teams to have actionable data on everything in the network, not just the devices and applications that employees use every day. To set this up you need to plan up-front and have model scenarios that can tell you how your data would be accessed.
Furthermore, you also want to know about all possible touch points in the organization’s networks such as supply chains and with remote working, the touch points expanded quite a bit.
So, let’s take a look at how cyber resilience helps you prepare for, respond to, and recover from cyber threats.
Prepare for cyber threats with cyber resilience
The first thing you need to do to prepare for cyber threats with cyber resilience is to manage your data. When it comes to data management you are accessing, storing, organizing, and maintaining the data created and collected by your company. This is what ensures that data is accessible in a trusted and secure way, as well as in a linked way that makes it easy to find for those who need to use it and also for tracking purposes. You want to know how data moves from point A to point B. With this knowledge you address questions that pinpoint location and usage of the data, as well as who has access to what.
Where – Where is the data center, database, or data lakes, cloud applications, and so on.
Who – IT members, security team, legal department, all remote employees, etc.
How – is the data used and how does it go from one place in the company to another, like a remote home office.
Crisis – How are you going to take care of the downtime that can come from a natural disaster such as a hurricane during hurricane season or what about if a cyber attack happens, how is that going to be handled.
Respond to cyber threats with cyber resilience
In this area you will want to set up a specific plan with all the data management elements you collected (as shared with you above – the where, who, how, and crisis points) and plan out what security aspects you need to set up so that you can respond to a cyber threat. For example, your firewalls, antivirus, all the technology that gives you the security alerts for potential malware.
You will also want to have your security team and overall company’s cybersecurity awareness training set up, as well as your policies and procedures to organize your entire company on how to report breach or a cyber threat that they suspect.
What is most important involves your incident response and business continuity plans. These will ensure you outline exactly how you will take action, report on the cyber threat, and move forward as soon as a breach or downtown for any other reason has taken place.
Recover from cyber threats with cyber resilience
At the end of 2018, an attack on a power systems management company in western Iraq caused a blackout for six hours affecting nearly half of Baghdad. The cyber attack was quickly detected by security teams and it affected only one substation that used SCADA (supervisory control and data acquisition) technology to manage operations.
Another example, the most recent attack on the Colonial Pipeline on May 7, when the company was forced to proactively close down operations and freeze IT systems after becoming the victim of a ransomware. They were able to get back online on May 13, but they also paid the ransom.
If that’s not enough, another two examples of the threat that companies face are a cyber incident that took place in 2021 (in February), when there was a cyber attack attempt to add dangerous levels of a chemical to a city in Florida’s drinking water system and the second in the city of Kieve, Ukraine, a cyber incident in 2016, that caused a loss of all power for an hour due to Industroyer malware.
These examples show how important cyber resilience is when you have mission critical infrastructure like power plants running with automation or robotics or a pipeline that distributes gas, or a drinking water system that also operates with technology on a system that can have entry doors for those who know how to get through them.
With no human interaction possible, all systems are connected over networks, which make them susceptible to cyber attacks such as these, where hackers are able to shut down the electric grid at will without any consequences whatsoever or a pipeline, or contaminate the drinking water system, and so on.
You can see how important timing is when a breach occurs, which is why an incident response plan is part of cyber resilience. The sooner a cyber attack is detected the less damage and havoc it will create. When a company’s team already knows how to intervene, it helps to recover from any cyber threat.
This is how cyber resilience works to help you prepare for, respond to, and recover from cyber threats.
The risk of a compromise in any company can be mitigated with the right plan put into place up-front. There are many ways that cyber resilience affects your organization; we’ll continue exploring this topic through blog posts and podcasts so stay tuned!
Also, for assistance implementing cyber resilience and your overall cybersecurity posture you can schedule your free consultation at any time.
Schedule a call with our security experts today!
Photo courtesy of watcharakun