In cybersecurity, as in most jobs, problems don’t happen one at a time; you’re bound to have a few at once. Speakers at the RSA Conference 2021 talked about this in terms of maintaining cyber resilience in chaos. So, what does the buzzword ‘cyber resilience’ really mean? And why is it important to be able to embrace chaos in your day-to-day work?

Cyber attacks are on the rise. Between June 2019 and June 2020, the Ponemon Institute observed a 64% rise in the severity of digital attacks targeting businesses and agencies. It witnessed an even greater increase in the volume of digital attacks during the same period, at 67%.

Even so, none of that prevented defenders from achieving cyber resilience. According to the Ponemon Institute, the proportion of organizations that achieved a high level of cyber resilience increased by more than half from 35% in 2015 to 53% in 2020. The proportion with cybersecurity incident response plans also grew 44% over those five years.

What Is Cyber Resilience?

Cyber resilience means you’re capable of preventing, detecting, containing and responding to a variety of digital threats — at least to some degree. It isn’t binary, after all. It’s a spectrum not only of degree but of aptitude.

Rohit Ghai, CEO of RSA, put it this way in his keynote for RSA Conference 2021:

“Being resilient is not good enough. We must be good at resilience. Resilience isn’t just about getting up when you fall. To be good at it, we must fall less often, withstand the fall better and rise up every time.”

Ghai’s first point, falling less often, is challenging in light of changing network setups. Just take what’s happened with the cloud as an example. According to IDC, more than a third of organizations purchased over 30 different types of cloud services from 16+ vendors in 2019 alone. (That’s before the events of 2020.)

Such a distributed deployment landscape contributes to a sense of chaos regarding security ownership over different cloud apps and services. It could also explain why organizations don’t always take certain security processes into their own hands. Indeed, two-thirds of respondents in another survey said they relied on their cloud providers to ensure their baseline security, a position that puts them at even greater risk of data exfiltration and other attacks. Cyber resilience is a balance between too many tools and too few, and between too much attention paid to attacks and too little.

A Three-Pronged Approach to Security in Chaos

The chaos referenced above isn’t limited to the cloud. Machine and human actors are learning and working together across multiple environments, both cloud-based and on-premises. In the process, they’re using Internet of Things (IoT) products, containers and an expanding number of devices.

All this makes keeping your data safe more complex. In doing so, it raises an important question: how can you secure chaos?

Ghai gave the answer in his keynote:

“You can’t. You don’t. You focus on resilience by embracing chaos. How? One, expect the unexpected. Two, trust no one. And three, compartmentalize failure zones.”

How to Cut Down on Chaos

Here’s what cyber resilience looks like in practice. First, you need to have visibility of all your hardware and software, as well as network traffic. Knowing that, you can implement security controls to protect your most critical data and assets. You can then use penetration testing to see how those measures stand up against an actual attack.

As for the second point, some might say those who trust no one have zero trust. In this regard, organizations can use encryption, multi-factor authentication, the principle of least privilege and other security controls. Those help build the architecture needed for validating connection attempts on an ongoing basis. It’s important that organizations also focus on compartmentalizing failure zones as part of their zero-trust efforts. There’s no need for every asset to have access to the entire network, after all. With that in mind, they should use network segmentation to ensure that a potential device or account compromise doesn’t spread across their entire digital infrastructure.

Chaos isn’t something that defenders can control. It’s a state of nature, and as such, they can choose to fight against it or flow with it. Knowing where you stand with cyber resilience helps. By accepting the latter and embracing chaos, organizations can put themselves into a stable security position where they’re less inclined to fall going forward.
