Cyber resilience is the ability of an organization to enable business acceleration (enterprise resiliency) by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges.
The ultimate goal of cyber resiliency is to help an organization thrive in the face of adverse conditions (crisis, pandemic, financial volatility, etc.).
What is enterprise resilience?
Enterprise resilience is the ability of an organization to address strategic, financial, operational, and information (cyber) risk in a manner that drives business growth, profitability, and sustained modernization (digital transformation).
Why is enterprise resiliency relevant in the era of (COVID-19) crisis management?
COVID-19 caused businesses to react and change in many ways. It touched enterprise workforces, supply chains, and liquidity, and provided many other opportunities to pivot in response to risk. Chief among these is the conversion of traditional channels to digital, both during and after the pandemic. Other risk-based opportunities include:
- Strategic: Strategic risks can affect the sustainability of an organization. These include geo-political, business continuity, reputation, trust, competition, regulatory, insurance, and legal risks.
- Financial: Financial risks can affect liquidity and capital, cash flow, volatility, and solvency, and have implications for regulators, tax complexities, and employee outsourcing.
- Operational: Operational risks can affect the way organizations operate – their processes and people. They include employee well-being and safety, dissolution of physical controls, supply chains, third parties, business process outsourcing, automation, artificial intelligence, and robotics.
- Information and cyber: These are the most critical to cyber resiliency, and include the explosion of digital, exponential use of new technologies, remote workforce, SDN attack surface, insider threats, dynamic end-point risk, and zero-trust attack surface.
Pandemics are not the only thing against which businesses need to build resiliency. While COVID-19 was a once-in-a-lifetime event, any type of unforeseen circumstance, including forces of nature, abrupt shifts in the economy, terrorism (physical or cyber), and more, needs to be part of comprehensive disaster recovery planning for building enterprise resilience.
How does cyber resiliency enable enterprise resiliency?
Business continuity enables an organization to continue its core business functions in the face of disaster, attack, or other interventional forces. Often, businesses have disaster recovery plans that revolve around natural disasters. A good disaster recovery plan will include a strategy to remain cyber resilient during these events, as well as any other occurrence that puts critical systems at risk.
The key to driving enterprise resiliency is to build crisis “shock-absorbers” to sustain business operations, customer outreach, and non-stop business transformation during times of crisis. Digital transformation is a good strategy for building enterprise resiliency. For example, digitally-enabled organizations were able to “quickly pivot” during COVID-19 to address supply chain issues and customer disruptions, and to bring innovative products and services to their customers.
How does cyber resiliency support digital transformation?
Cyber resiliency plays a critical role in driving digital transformation (which then enables enterprise resiliency and continuity). For example, organizations that embed cybersecurity at inception are better able to drive high-velocity (Agile) development and build robust, resilient platforms.
What are the components of cyber resilience?
A comprehensive digital transformation that addresses cyber resiliency requires integration of cybersecurity throughout the enterprise lifecycle – to protect the business, detect changes in the risk surface, and evolve the capability to address changing threats.
A good cyber resiliency strategy protects your systems, your applications, and your data. Through strong identity and access management, you need to ensure that only authorized users can access your systems and that you can track them wherever they go once they are in. You also need to be able to detect vulnerabilities in your applications – finding any weaknesses that might be exploited. Finally, the privacy of your data – information about your customers, your employees, and your organization’s intellectual property – must be guarded with the highest levels of security.
The second part of a good cyber resiliency strategy is to detect when someone is trying to act maliciously against you. This can be very challenging as bad actors become more sophisticated and work in more covert ways to breach your environment. Plus, these advanced threats aren’t limited to the outside. Some breaches begin inside an organization. The average delay in breach detection and containment is 280 days. During this time, the bad actors can be stealing or destroying data and even damaging the systems themselves without anyone knowing.
To adequately detect security risks, companies must understand what data they hold and where it resides. Mapping your data enables you to understand its importance, govern it according to applicable regulatory demands, and minimize the risk of non-compliance, theft, and more.
It’s also helpful for security teams to understand individual user behavior. When you understand what someone’s “normal” actions are on the system, it’s easier to identify behaviors that don’t meet the patterns and might be putting the company at risk.
One reason why security teams struggle with detection is that many solutions generate so much data that they create “false positives.” In fact, so much data is generated that it’s often hard to determine what is an actual threat. SOCs just don’t have the time to look at each alert individually and evaluate the risk. That’s why any good solution will have the ability to evaluate and automate responses, and then elevate higher-risk alerts to the security team for action.
A major component of cyber resilience is the ability to adapt and evolve your security posture to stay ahead of threats. Hackers are constantly finding new ways to exploit vulnerabilities. They know that there will eventually be a fix for what worked yesterday, so they’re constantly trying to figure out what will work tomorrow. A cyber resilient organization will anticipate new attack vectors through threat modeling and work to defend against them even before they become a vulnerability.
To evolve requires the ability to quickly deploy and integrate existing and new services, both on-premises and in the cloud. It also requires access to industry intellectual property and best practices – ideally built into the products and tools being used for security. And, it involves being able to rapidly correlate data using mathematical models and machine learning so you can make data-driven decisions.
Seven stages of an integrated lifecycle that accelerates cyber resilience
To measure how cyber resilience efforts are progressing, there are seven areas to assess.
- Stage 1 – Strategize: Cyber governance, structure, and sensing capability to anticipate and address adverse business or cyber events.
- Stage 2 – Withstand: Adaptive, mission-preserving cyber defense framework that can withstand threats to the business.
- Stage 3 – Defend: Defend against disruptive cyber events based on a robust, self-healing digital immunity, and active cyber defense.
- Stage 4 – Inspect: Real-time cyber visibility on real-time threats, through machine-aided detection, automated hunting, and advanced situational awareness.
- Stage 5 – Observe: Reliance on automation, machine learning, and adaptive cyber-threat detection to address future threats to the business.
- Stage 6 – Recover: Ability to rapidly restore digital platforms, adapt, and recover mission-critical systems to avoid business interruption.
- Stage 7 – Adapt: Continuously self-assess and measure the state of cyber performance and continuous improvement to support the business.
How can cyber resilience be improved?
An effective cyber resiliency strategy will include components of multiple cybersecurity solutions. These include:
Artificial intelligence and machine learning
Artificial intelligence and machine learning (AI/ML) are important contributors to effective cyber resilience. With the mountains of data generated by security solutions, the use of systems that can analyze behaviors and risk and automate response can significantly increase an organization’s ability to intelligently adapt to vulnerabilities and attacks.
Ensuring data security is a primary component of both cybersecurity and cyber resiliency. This includes data in both structured and unstructured formats. You need to be able to analyze the data you have, as well as glean important insights so you can stay compliant with privacy and other governmental regulations.
Application security begins in your application development process. Testing needs to be scalable, flexible for on-premises or on-demand, and integrate with your DevOps. It should include developer-friendly processes and the code should be easily navigable.
Identity and access management
Identity and access management is the ability to manage the “who” (employees, customers) and “what” (devices, services) that access your systems and data. It enables you to develop trusted identities with the right level of access. Knowing the normal patterns of these identities makes it easier to identify when abnormal patterns appear.
Security operations solutions need to enhance the productivity of resources, especially considering the current security talent shortages. Security orchestration, automation, and response (SOAR) systems and security information and event management (SIEM) systems are two important aspects of productive security operations.
Why care about cyber resilience?
The security landscape is constantly changing. From hackers, to disasters, to changing business models and more, an approach to cybersecurity that is flexible, adaptable, and resilient is the best path to business continuity. A cyber resilient organization can realize many benefits:
- Fewer incidents: Cyber resiliency increases an organization’s cybersecurity posture and its ability to prioritize and respond to risk. When security operations centers (SOCs) can easily filter out false positives, they can focus their attention on true threats and reduce the number of security incidents that take place.
- Fewer fines and penalties: When an organization is cyber resilient, it can more easily identify and protect the data it collects and comply with regulatory and governmental oversight. This means fewer fines and penalties and a reduced risk of lawsuits.
- Less risk of breach: Robust cyber resiliency can help reduce the risk of a CSO’s worst nightmare – a security breach. Breaches can affect you not only from a technology standpoint, but can also stop vital business processes and cause a public relations nightmare that damages your reputation.
- Enhanced reputation: In today’s climate, customers are wary about trusting organizations with their data. Seeing a brand name associated with a breach can erode that trust, but brands that work diligently to protect customer data can develop a loyal following that eventually translates into an enhanced bottom line.
How does Micro Focus help with cyber resilience?
Micro Focus develops integrated cybersecurity solutions to enhance your intelligence and cyber resilience and protect against advanced cyberthreats at scale. We understand your persistent challenges with evolving market demands; changing security landscapes; hybrid IT environments with new and existing device variations; and limited personnel, talent, and resources.
Our solutions enable InfoSec teams to identify, trace, and learn from threats through behavior and pattern analysis with machine learning. Application development teams can use DevOps methods to secure and continuously scan applications for vulnerabilities. Data engineering units are empowered to oversee and secure structured data and unstructured data. IT security departments can manage identities and access throughout the global infrastructure to enforce policies and procedures to secure critical data and systems. We empower you by using artificial intelligence and connected insights as a guiding principle to structure a resilient culture and to adapt to the needs of your enterprise as it grows, expands, and evolves.
What else do I need to know about cyber resilience?
Cyber resilience legislation
Because of the increasing importance of cyber resilience, many countries have passed legislation to protect organizations, individuals, and their states. Some of the countries that have passed cyber resilience initiatives include:
Australia has both state and federal laws against hacking. It also requires organizations to take reasonable action to prevent, mitigate, and manage cybersecurity incidents.
Bulgaria published a National Cyber Security Strategy to be cyber resilient by 2020.
The United States has both federal and state laws to ensure the protection of data and critical infrastructure. California has many privacy laws, including the recently passed California Consumer Privacy Act, and has begun enforcing it following a six-month pandemic delay. An example of a federal cybersecurity law that protects privacy is the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996. The Federal Government is currently debating whether to provide grants to states to help enhance their cyber resiliency.
Here is an interesting site about the status of cybersecurity legislation across the United States.
The United Kingdom participates in European Union cyber resilience strategies such as the General Data Protection Regulation (GDPR). It also has organizations such as the Cyber Resilience Alliance that focus on cybersecurity in the UK, with the goal of helping it become “one of the most secure, capable, and cyber resilient countries in the world.”
Cybersecurity vs. cyber resilience
Cybersecurity is the protection of computer systems and endpoints from theft or damage. It can apply to closed systems, but is most often used to refer to the protection of internet-connected devices and networks, often referred to as “the internet of things” (IoT). Good cybersecurity is an essential element of cyber resilience. Cybersecurity protects information collected from employees, vendors, and customers; critical infrastructure and processes; and the intellectual property upon which the business is built.
Cyber resiliency enables organizations to secure the business, reduce exposure time to cyberthreats, and reduce the impact of attacks to help ensure continued sustainability.
What is cyber risk?
Enterprise cyber risk is financial, reputational, or liability risk that arises from the misuse of data or systems, or the exploitation of users.
What is a cyber attack?
A cyberattack is a subset of cyber risk, and is a broad term with multiple definitions. In general, it is an attempt to steal, alter, or destroy personal data or intellectual property. It can also interfere with critical functionality (such as a denial of service attack) in order to damage a business’s ability to function. Targets can include computer information systems, computer infrastructure, computer networks, and even personal computing devices.
The first step in a cyberattack is to gain access to the targeted system. This can be done online through techniques such as “phishing” or “spoofing.” But no method is off the table for an attacker. Phone calls asking for your personally identifiable information (PII) and even stealing access badges to gain illicit entry to buildings are some of the ways that attackers can gain the necessary information to begin their assault.
Who performs cyber attacks?
“Threat actor” is the name given to cyber attackers. Threat actors can be individuals, groups, organizations, or even nation states. Sometimes they will attack because there is an opportunity, and sometimes they have very specific, targeted reasons.
Individual threat actors are often called hackers, and can have very different motivations. “Black hat” hackers have malicious intent – stealing, destroying, and moving through computer systems without the owner’s permission. “White hats,” on the other hand, work with system owners against black hats to protect systems and data from theft, destruction, or even ransom. Of course, there are “gray hats” as well. They act as mercenaries for groups that pay them for their cyber-skills.