In cybersecurity, as in most jobs, problems don’t happen one at a time; you’re bound to have a few at once. Speakers at the RSA Conference 2021 talked about this in terms of maintaining cyber resilience in chaos. So, what does the buzzword ‘cyber resilience’ really mean? And why is it important to be able to embrace chaos in your day-to-day work?

Cyber attacks are on the rise. Between June 2019 and June 2020, the Ponemon Institute observed a 64% rise in the severity of digital attacks targeting businesses and agencies. It witnessed an even greater increase in the volume of digital attacks during the same period, at 67%.

Even so, none of that prevented defenders from achieving cyber resilience. According to the Ponemon Institute, the proportion of organizations that achieved a high level of cyber resilience increased by more than half from 35% in 2015 to 53% in 2020. The proportion with cybersecurity incident response plans also grew 44% over those five years.

What Is Cyber Resilience?

Cyber resilience means you’re capable of preventing, detecting, containing and responding to a variety of digital threats — at least to some degree. It isn’t binary, after all. It’s a spectrum not only of degree but of aptitude.

Rohit Ghai, CEO of RSA, put it this way in his keynote for RSA Conference 2021:

“Being resilient is not good enough. We must be good at resilience. Resilience isn’t just about getting up when you fall. To be good at it, we must fall less often, withstand the fall better and rise up every time.”

Ghai’s first point, falling less often, is challenging in light of changing network setups. Just take what’s happened with the cloud as an example. According to IDC, more than a third of organizations purchased over 30 different types of cloud services from 16+ vendors in 2019 alone. (That’s before the events of 2020.)

Such a distributed deployment landscape contributes to a sense of chaos regarding security ownership over different cloud apps and services. It could also explain why organizations don’t always take certain security processes into their own hands. Indeed, two-thirds of respondents in another survey said they relied on their cloud providers to ensure their baseline security, a position that puts them at even greater risk of data exfiltration and other attacks. Cyber resilience is a balance between too many tools and too few; too much attention paid to attacks or too little.

A Three-Pronged Approach to Security in Chaos

The chaos referenced above isn’t limited to the cloud. Machine and human actors are learning and working together across multiple environments, both cloud-based and on-premises. In the process, they’re using Internet of Things (IoT) products, containers and an expanding number of devices.

All this makes keeping your data safe more complex. In doing so, it raises an important question: how can you secure chaos?

Ghai gave the answer in his keynote:

“You can’t. You don’t. You focus on resilience by embracing chaos. How? One, expect the unexpected. Two, trust no one. And three, compartmentalize failure zones.”

How to Cut Down on Chaos

Here’s what cyber resilience looks like in practice. First, you need to have visibility of all your hardware and software, as well as network traffic. Knowing that, you can implement security controls to protect your most critical data and assets. You can then use penetration testing to see how those measures stand up against an actual attack.

As for the second point, some might say those who trust no one have zero trust. In this regard, organizations can use encryption, multi-factor authentication, the principle of least privilege and other security controls. Those help build the architecture needed for validating connection attempts on an ongoing basis. It’s important that they also focus on compartmentalizing failure zones as part of their zero-trust efforts. There’s no need for every asset to have access to the entire network, after all. With that in mind, organizations can use network segmentation to ensure that a potential device or account compromise doesn’t spread across their entire digital infrastructure.

Chaos isn’t something that defenders can control. It’s a state of nature, and as such, they can choose to fight against it or flow with it. Knowing where you stand with cyber resilience helps. By accepting the latter and embracing chaos, organizations can put themselves into a stable security position where they’re less inclined to fall going forward.
