Critical Components of Cyber Resilience
As with nearly every security initiative, pursuing a cyber resilience strategy cannot happen in a silo. Even with the right process, C-suite leaders need to also leverage people and tools effectively for the initiative to succeed.
People
Training
It is well known that humans are often the weakest link in any security strategy. As stated earlier, 74% of all corporate data breaches involved people. For a cyber resilience program to succeed, it needs to also include robust cybersecurity policies and employee training.
Culture
Anticipating, adapting to and overcoming breaches requires cultural shifts in how businesses manage risk. As happened with the shift to DevOps, our conversations around incidents need to become blameless. Given the mounting pressures, there simply is no room for a blame culture. Starting with blame-oriented questions makes things worse and causes people – your most important asset – to ignore or avoid potential security issues. It is better to strengthen your organization’s security culture through shame-free training and awareness, and then to address root causes; that is the most effective way to build a cyber resilient culture.
Remember: You want your staff and leadership to flag potential problems. If they can see an issue, it’s likely your adversaries can as well.
Communication and Collaboration
Effective communication within an organization and with external stakeholders is crucial before, during, and after a cyber incident. Promptly notifying relevant parties, such as customers, partners, and regulatory bodies, builds trust and allows for coordinated efforts to mitigate the impact of the attack.
Burying your head in the sand will not work.
Take the positive example of Werner Lanthaler, who rushed to the office after learning that his biotech company Evotec had been hacked. In what may become an example for others to follow, according to the Wall Street Journal, Lanthaler took an “uncommonly active, public role in the cyber response at Evotec. He communicated personally with business partners, wrote an open letter about the attack in the midst of Evotec’s ordeal and held town-hall meetings with employees every few days to provide updates.”
Tools
Prevention
Looking at your organization through the eyes of an attacker, and proactively hardening every weakness an attacker would see, is widely acknowledged as the way to significantly reduce the likelihood of a successful cyber breach.
Standard measures include protection against:
- Exact domain impersonation
- Lookalike domain impersonation
- Logo and brand abuse
- Invalid certificates and certificate chains
- Open ports
- DNS and dangling DNS issues
- Usage of HTTP not HTTPS
By implementing strong preventive measures, organizations can significantly reduce the likelihood of successful cyber breaches.
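The impersonation items in the list above are the ones a monitoring team can turn into a concrete, repeatable check. The following is an added example, not code from this article or from any vendor it cites: it triages a constructed feed of observed domain names against an organization's own domain and flags exact impersonations (the brand name under a different TLD, or used as a subdomain of someone else's domain) and lookalikes (homoglyph swaps, single typos, adjacent transpositions, or the brand embedded in a longer label). The homoglyph table, the two-label approximation of the registrable domain, and the fictional brand acmebank.example are all assumptions made for illustration.

```python
"""Defensive triage of an observed-domain feed for brand impersonation.

Added example (not from the article). Classifies each domain as
"own", "exact-impersonation", "lookalike" or "unrelated" so that the
first two categories can be reviewed by a monitoring team.
"""

# Assumption: a small illustrative folding table for visually confusable
# sequences. A production table would cover far more Unicode confusables.
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}

# Constructed brand domain for the example; not a real organization.
BRAND = "acmebank.example"


def fold(label: str) -> str:
    """Normalize a label so visually similar spellings compare equal."""
    s = label.lower()
    # Replace multi-character confusables before single characters.
    for src, dst in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(src, dst)
    return s


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so a swapped pair such as acmebnak costs 1."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[i - 1][j] + 1, cur[j - 1] + 1,
                       rows[i - 1][j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[i - 2][j - 2] + 1)
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]


def split_domain(domain: str):
    """Return (registrable domain, list of subdomain labels).

    Assumption: the registrable domain is the last two labels. Real code
    should consult the Public Suffix List so that e.g. example.co.uk works.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def classify(candidate: str, brand: str = BRAND) -> str:
    brand_reg, _ = split_domain(brand)
    brand_name = brand_reg.split(".")[0]
    cand_reg, sub_labels = split_domain(candidate)
    if cand_reg == brand_reg:
        return "own"
    cand_name = cand_reg.split(".")[0]
    # Exact impersonation: our brand name as the registrable label under a
    # different TLD, or appearing in a subdomain label of another domain.
    if cand_name == brand_name or any(brand_name in lab for lab in sub_labels):
        return "exact-impersonation"
    folded_cand, folded_brand = fold(cand_name), fold(brand_name)
    # Lookalike: homoglyph swap, one edit or transposition, or the brand
    # embedded in a longer label such as acme-bank or acmebank-portal.
    if folded_cand == folded_brand or osa_distance(folded_cand, folded_brand) <= 1:
        return "lookalike"
    if folded_brand in folded_cand:
        return "lookalike"
    return "unrelated"


def triage(feed, brand: str = BRAND) -> dict:
    """Map each observed domain to its classification."""
    return {d: classify(d, brand) for d in feed}


# Constructed feed standing in for a certificate-transparency or passive-DNS pull.
SAMPLE_FEED = [
    "acmebank.example",
    "login.acmebank.example",
    "acmebank.com",
    "acmebank.example.secure-mail.test",
    "acrnebank.example",          # "rn" rendered to look like "m"
    "acmebnak.example",           # adjacent transposition
    "\u0430cmebank.example",      # Cyrillic small a in place of Latin a
    "acme-bank.example",
    "example.org",
]

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_FEED).items():
        if verdict in ("exact-impersonation", "lookalike"):
            print(f"{verdict:20} {domain}")
```

Flagged domains are review candidates, not verdicts: a legitimate partner or a parked domain will show up too, and the point is that someone looks before a customer does. In practice the feed would come from certificate transparency logs or passive DNS, and the two-label split should be replaced with the Public Suffix List.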
Security experts often refer to the multiple stages of an attack as a “cyber kill chain.” To defend your organization, you need protection at each stage of the chain.
As Cisco notes in a recent report, the bad news is that “no single technology can eliminate ransomware by itself because you need to protect multiple points of entry and spread.”
Detection and Response
Despite preventive measures, cyber incidents can still occur. As former FBI Director Robert Mueller put it at RSA in 2012, it is no longer a question of “if,” but “when” and “how often.” “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Therefore, organizations must invest in advanced threat detection systems and establish risk management plans. After all, timely detection and swift response can help mitigate the impact of attacks, minimize data loss and protect critical systems.