How Does Your Board Measure Cyber Resilience?

Organizations are facing an uphill battle. The volume of cyberattacks has risen year-on-year, with a 38% increase in 2022 compared to the previous year. In the UK alone, an organization is being targeted on average 855 times per week over the last six months. Supply chain attacks continue to challenge organizations.

Zero-day vulnerabilities are being uncovered daily, with the most recent prolific incident being the 3CX compromise found in March 2023.

The geopolitical landscape has never been more fractured in response to the Russo-Ukraine war, and ransomware has evolved beyond classic encryption to more sophisticated data extortion. All of this has created the perfect conditions for cybercriminals to thrive and for businesses to stay out of danger. 

So, what is the solution? In today's interconnected world, where digital technologies play a vital role in business operations, organizations need a proactive and comprehensive approach to cybersecurity, one that goes beyond traditional preventative measures. Enter cyber resilience: the ability of organizations to withstand, respond to, and recover from cyber incidents while maintaining essential operations and protecting critical assets. Cyber resilience is not just about dealing with threats, it’s about the board’s overall ability to make informed decisions on how to mitigate risk and ensure that data is protected. With such a tall order, the question is - where do you even begin?

Taking A Risk-Based View

Many organizations opt for widely recognized guidelines and standards as a starting point to establish a common framework for cybersecurity and risk analysis. Two prominent tools are the National Institute of Standards and Technology (NIST) framework and the MITRE ATT&CK framework. These provide organizations with structured approaches to identify, protect, detect, respond to, and recover from cyber threats. By adhering to these frameworks, businesses can enhance their overall cybersecurity posture and strengthen their ability to withstand potential attacks.

To implement such frameworks effectively, organizations should first assess their current cybersecurity capabilities and identify any gaps or vulnerabilities. This will help determine which framework is most suitable for their needs. Next, they need to establish a dedicated team responsible for overseeing the implementation and ongoing management of the framework. This team will map the framework's controls and guidelines to the organization's existing infrastructure and processes, ensuring the framework is aligned with the specific requirements and risks the business faces.

In the European Union (EU), recent developments have also highlighted the growing emphasis on resilience. The EU's Network and Information Security (NIS) Directive, implemented in 2018, requires organizations to adopt appropriate measures to ensure the security and resilience of their network and information systems. Furthermore, the EU Cybersecurity Act, enacted in 2019, establishes a framework for the certification of cybersecurity products and services.

These developments demonstrate the EU's commitment to enhancing cybersecurity at both the organizational and regulatory levels. 

The unfortunate truth is cybersecurity frameworks alone are no longer enough to protect organizations in a world where threats and data breaches are more than one-off occurrences. After all, cybercriminals do not care about frameworks - they care about breaking through a network’s defenses. Robust, proactive, and preparatory work is needed to ensure that businesses can mitigate these threats, reduce their overall risk posture, and orchestrate rapid-response remediation when required. 

Resilience: Adopting A Prevention-First Approach

While traditional cybersecurity measures primarily focus on threat detection and mitigation, adopting a prevention-first approach is crucial when it comes to shoring up resilience. 

Resilience refers to an organization’s ability to not only detect and mitigate threats but have real-time visibility over their networks and the ability to anticipate threats and execute rapid-response measures that reduce or eliminate downtime. 

Rather than solely relying on reactive measures, organizations need to proactively build robust defenses that can withstand potential attacks. This approach emphasizes the importance of identifying vulnerabilities, implementing strong security controls, and continuously monitoring and improving security practices. To effectively address the challenges of the digital age, organizations should embrace the three C's and ensure their solution is comprehensive, consolidated, and collaborative. 

Comprehensive security measures entail a holistic approach, encompassing all aspects of an organization's infrastructure, applications, and data. This includes implementing access controls, regular patching, and encryption protocols, among other measures.

Consolidation refers to the integration and centralization of security tools and technologies. A study conducted by Check Point and Dimensional Research found that 49% of all organizations use between 6 and 40 point security products, while 98% of organizations manage their security products with multiple consoles, creating vulnerability gaps and visibility blind spots. By reducing the number of disparate solutions and unifying security operations, organizations can achieve greater visibility and control over their security landscape at a time when network footprints are rapidly expanding. This enables more efficient threat detection, response, and recovery processes. 

Collaboration highlights the importance of taking a cohesive and joined-up approach to threat detection and mitigation. If one endpoint is compromised, all areas of the organization – including its software supply chain – must mobilize from a security perspective to ensure the threat is contained and cannot spread laterally within the network or impact customer organizations as part of a supply chain attack. Real-time threat intelligence from enforcers, cyber analysts, and the broader cybersecurity community must also be pooled to ensure that the most up-to-date threat information is available to all. 

Making Cybersecurity More Resilient

The concept of cyber resilience goes beyond traditional cybersecurity. It encompasses an organization’s ability to withstand and recover from cyberattacks. While cybersecurity focuses on preventing and detecting attacks, resilience aims to build a fortified environment that can withstand potential threats.

In essence, it involves building that automated barricade rather than relying on an under-resourced army to detect and respond to attacks.

Resilience acknowledges that no security system is perfect, and breaches can occur despite robust preventive measures. Therefore, organizations must focus on building redundancies, developing incident response plans, and establishing backup and recovery mechanisms to ensure business continuity even in the face of a successful attack.

The modern threat landscape requires businesses to go beyond traditional cybersecurity measures and embrace resilience as a critical component of their security strategies.

By adopting a prevention-first approach, leveraging comprehensive, consolidated, and collaborative security measures, and understanding the importance of cyber resilience, organizations can better protect their assets and mitigate the potential impacts of cyber threats. As the digital landscape continues to evolve, businesses must stay vigilant, adapt to emerging challenges, and prioritize resilience above all else. After all, it is better to build your barricades before your army.

Deryck Mitchelson is Field CISO at Check Point Software

You Might Also Read: 

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Employees To Blame For 70% Of Corporate Data Breaches
Innovation In Cyber Security: NDR Meets XDR »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

Internet Security Alliance (ISA)

Internet Security Alliance (ISA)

ISA is an international trade association providing thought leadership in advancing a sustainable system of cyber security.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.