What’s the point of cyber resilience?

When a successful cyberattack hits, can you survive it? Or will you be knocked out of the game?

By Bill Clark

Fri 31 May 2019 @ 16:11

“It doesn’t matter if you get knocked down, it matters that you get back up.”

That old motivational poster contains wisdom that is still relevant, especially in the world of cybersecurity.

Thankfully, it is now widely accepted that cybersecurity is a requirement for business and should be a matter of concern for the board of directors. While it can still be a challenge to communicate cybersecurity concerns to the board, the discussion is taking place.

That’s a great first step, but it is only the first step.

Resilient, not just resistant

Much of the previous conversation around cybersecurity has been about making organisations resistant to cyberattacks. From firewalls and virus scans to mandatory staff training, organisations have sunk time and money into making themselves resistant to cyberattacks. That’s great and definitely a necessary step; however, it can breed overconfidence.

Achieving cyber resilience is the next step organisations need to take. The average UK business is subject to 231,038 cyberattacks per year. It may not be possible to keep them all out. As a result, resilience – how quickly and how well an organisation can recover from attacks – will determine who will survive.

Resilience allows an organisation to switch to backup systems, enable contingency plans and continue operations with minimum delay.

Recent ransomware attacks, including NotPetya and WannaCry, have shown how successful cyberattacks can knock out organisations. WannaCry disrupted the NHS, shutting down hospitals as systems became inaccessible. A recent survey found that 70 per cent of organisations polled would pay up if hit by ransomware, which shows that cyber resilience is desperately needed.

According to global consultancy Accenture, five key steps can help move an organisation toward cyber resilience:

1. Build a strong defence to attacks inside and out and plan your response to a breach

2. Test your defences, with debriefings and coaching to identify what needs improvement

3. Use the best technologies, such as AI, SOAR and machine learning to enable quick detection, response and mitigation

4. Be proactive by gathering intelligence about network behaviour and identifying suspicious activity to anticipate potential attacks

5. Get a CISO who understands the evolving threat landscape and the business and integrate them into business leadership

Resistance and resilience in partnership

Cyber resilience is not a replacement for cybersecurity. Organisations must still continue to mature their security operations to give themselves greater resistance to attackers. This is crucial to protect data and keep breaches to an absolute minimum.

Security maturity also provides greater resilience, as more mature organisations are able to detect and respond to cyberthreats more rapidly. If an organisation’s systems are unavailable for a short time, it can be an inconvenience, but a quick and decisive response, and the ability to maintain operations, can reassure clients and stakeholders. The longer an organisation is knocked out, the greater the negative impact on it.

After a successful attack, an organisation must answer several questions: Where did they come from? How did they gain access? Why did they attack? What did they get? Have they been shut down? What operations are affected? How do we carry on?

That final question – carrying on – makes all the difference. A business exists to provide goods and services, and continuing to do so effectively and efficiently is what every element of the business, including IT, is about. Senior management needs to develop a holistic vision around cybersecurity and cyber resilience to ensure this happens.

A clear view into what is happening across the entire operation, including the Internet of Things, point of sale (POS) systems and supply chain systems, is required, because an attack can come from anywhere and crippling any part of the system can cripple an organisation.

A strong next-generation SIEM will help deal with all of these questions and build a secure and resilient organisation by providing an integrated picture and enabling real-time responses.
