How Does Your Board Measure Cyber Resilience?

Organizations are facing an uphill battle. The volume of cyberattacks has risen year-on-year, with a 38% increase in 2022 compared to the previous year. In the UK alone, an organization is being targeted on average 855 times per week over the last six months. Supply chain attacks continue to challenge organizations.

Zero-day vulnerabilities are being uncovered daily, with the most recent prolific incident being the 3CX compromise found in March 2023.

The geopolitical landscape has never been more fractured in response to the Russo-Ukraine war, and ransomware has evolved beyond classic encryption to more sophisticated data extortion. All of this has created the perfect conditions for cybercriminals to thrive and for businesses to stay out of danger. 

So, what is the solution? In today's interconnected world, where digital technologies play a vital role in business operations, organizations need a proactive and comprehensive approach to cybersecurity, one that goes beyond traditional preventative measures. Enter cyber resilience: the ability of organizations to withstand, respond to, and recover from cyber incidents while maintaining essential operations and protecting critical assets. Cyber resilience is not just about dealing with threats, it’s about the board’s overall ability to make informed decisions on how to mitigate risk and ensure that data is protected. With such a tall order, the question is - where do you even begin?

Taking A Risk-Based View

Many organizations opt for widely recognized guidelines and standards as a starting point to establish a common framework for cybersecurity and risk analysis. Two prominent tools are the National Institute of Standards and Technology (NIST) framework and the MITRE ATT&CK framework. These provide organizations with structured approaches to identify, protect, detect, respond to, and recover from cyber threats. By adhering to these frameworks, businesses can enhance their overall cybersecurity posture and strengthen their ability to withstand potential attacks.

To implement such frameworks effectively, organizations should first assess their current cybersecurity capabilities and identify any gaps or vulnerabilities. This will help determine which framework is most suitable for their needs. Next, they need to establish a dedicated team responsible for overseeing the implementation and ongoing management of the framework. This team will map the framework's controls and guidelines to the organization's existing infrastructure and processes, ensuring the framework is aligned with the specific requirements and risks the business faces.

In the European Union (EU), recent developments have also highlighted the growing emphasis on resilience. The EU's Network and Information Security (NIS) Directive, implemented in 2018, requires organizations to adopt appropriate measures to ensure the security and resilience of their network and information systems. Furthermore, the EU Cybersecurity Act, enacted in 2019, establishes a framework for the certification of cybersecurity products and services.

These developments demonstrate the EU's commitment to enhancing cybersecurity at both the organizational and regulatory levels. 

The unfortunate truth is cybersecurity frameworks alone are no longer enough to protect organizations in a world where threats and data breaches are more than one-off occurrences. After all, cybercriminals do not care about frameworks - they care about breaking through a network’s defenses. Robust, proactive, and preparatory work is needed to ensure that businesses can mitigate these threats, reduce their overall risk posture, and orchestrate rapid-response remediation when required. 

Resilience: Adopting A Prevention-First Approach

While traditional cybersecurity measures primarily focus on threat detection and mitigation, adopting a prevention-first approach is crucial when it comes to shoring up resilience. 

Resilience refers to an organization’s ability to not only detect and mitigate threats but have real-time visibility over their networks and the ability to anticipate threats and execute rapid-response measures that reduce or eliminate downtime. 

Rather than solely relying on reactive measures, organizations need to proactively build robust defenses that can withstand potential attacks. This approach emphasizes the importance of identifying vulnerabilities, implementing strong security controls, and continuously monitoring and improving security practices. To effectively address the challenges of the digital age, organizations should embrace the three C's and ensure their solution is comprehensive, consolidated, and collaborative. 

Comprehensive security measures entail a holistic approach, encompassing all aspects of an organization's infrastructure, applications, and data. This includes implementing access controls, regular patching, and encryption protocols, among other measures.

Consolidation refers to the integration and centralization of security tools and technologies. A study conducted by Check Point and Dimensional Research found that 49% of all organizations use between 6 and 40 point security products, while 98% of organizations manage their security products with multiple consoles, creating vulnerability gaps and visibility blind spots. By reducing the number of disparate solutions and unifying security operations, organizations can achieve greater visibility and control over their security landscape at a time when network footprints are rapidly expanding. This enables more efficient threat detection, response, and recovery processes. 

Collaboration highlights the importance of taking a cohesive and joined-up approach to threat detection and mitigation. If one endpoint is compromised, all areas of the organization – including its software supply chain – must mobilize from a security perspective to ensure the threat is contained and cannot spread laterally within the network or impact customer organizations as part of a supply chain attack. Real-time threat intelligence from enforcers, cyber analysts, and the broader cybersecurity community must also be pooled to ensure that the most up-to-date threat information is available to all. 

Making Cybersecurity More Resilient

The concept of cyber resilience goes beyond traditional cybersecurity. It encompasses an organization’s ability to withstand and recover from cyberattacks. While cybersecurity focuses on preventing and detecting attacks, resilience aims to build a fortified environment that can withstand potential threats.

In essence, it involves building that automated barricade rather than relying on an under-resourced army to detect and respond to attacks.

Resilience acknowledges that no security system is perfect, and breaches can occur despite robust preventive measures. Therefore, organizations must focus on building redundancies, developing incident response plans, and establishing backup and recovery mechanisms to ensure business continuity even in the face of a successful attack.

The modern threat landscape requires businesses to go beyond traditional cybersecurity measures and embrace resilience as a critical component of their security strategies.

By adopting a prevention-first approach, leveraging comprehensive, consolidated, and collaborative security measures, and understanding the importance of cyber resilience, organizations can better protect their assets and mitigate the potential impacts of cyber threats. As the digital landscape continues to evolve, businesses must stay vigilant, adapt to emerging challenges, and prioritize resilience above all else. After all, it is better to build your barricades before your army.

Deryck Mitchelson is Field CISO at Check Point Software

You Might Also Read: 

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Employees To Blame For 70% Of Corporate Data Breaches
Innovation In Cyber Security: NDR Meets XDR »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.

CompassMSP

CompassMSP

CompassMSP deliver Managed IT and cybersecurity solutions designed to unleash your business's full potential.