May 12, 2020 By Douglas Bonderud 4 min read

Cyber resilience emerged as a response to the evolving need for information security. Organizations recognized that attacks were a question of when, not if, and adapted security strategy to include orchestrated response and recovery frameworks that could identify critical assets, protect key data, detect potential issues, respond to immediate threats and jump-start recovery to get businesses back on track.

As a result, enterprises went to work on building resilience “funnels” — strategies that aggregate and address issues along the traditional corporate IT stack, from local servers to third-party providers and hybrid cloud services. The advent of democratized technologies and delocalized work, however, has created a new attack avenue. Instead of funneling down into common cyber resilience capture points, many attackers take a sideways approach that targets remote users, lateral services or public connections.

To solve for emerging attack vectors, organizations need a new defensive design: the cyber resilience web. Not sure where to start? Let’s break down six critical components of this security string theory.

1. Start With Support

The first pillar of any cyber resilience framework is identification: locating key business applications and any associated risks. In the context of a cybersecurity web, this expands to include identifying key supports, specifically from the C-suite.

Why? Because effective webs need firm foundations to deliver consistent results over time. Broad security strategy that lacks boardroom budgets and boosters won’t hold for long. As a recent IDC white paper notes, the scope of support also matters. Along with C-suite champions, organizations need stakeholder buy-in from data owners, IT teams and frontline employees.

Ultimately, webs must cast a wide net to encompass the new realities of enterprise IT efforts. Identifying and cultivating key supports is essential to delivering security strength at scale.

2. Build Big

Protection comes next. In the context of depth-based cyber resilience, this means leveraging first-line defenses such as firewalls, malware detection tools and runtime application self-protection (RASP) solutions. Building out breadth to remediate and recover from attacks tied to expanding 5G networks, emerging industrial internet of things (IIoT) devices and the evolving security risks of remote work collaboration tools, however, requires thinking big.

Here, the focus is on designing security strategy that doesn’t just build up the infosec funnel, but also builds out along new lines of work. Front-line solutions such as virtual private networks (VPNs) can help mitigate obvious threats, but the broader goal is to generate policies and procedures that loop in all users and devices.

For example, remote workers need training on how to recognize potential phishing attacks or malware infections, and it’s worth creating a dedicated channel for them to report issues and get help from IT teams. While this might mean leveraging a third-party provider to help manage cyber resilience at scale, it’s worth the effort to build the biggest web possible.

3. Stick the Landing

As the “2019 Cost of a Data Breach Report” notes, it takes enterprises almost 200 days on average to detect a breach — and another 69 days to contain it. Although these timelines are going down as security technologies improve, there is another problem: attacks that escape unseen.

For web-building businesses, the goal here is “stickiness” — ensuring that identification and detection tools are sensitive and speedy enough to detect threats at a distance. Accomplishing this goal means recognizing fundamental shifts in collaborative and operational frameworks.

Venture Beat notes that “human layer” attacks are on the rise now that video conferencing and on-demand collaboration are essential functions. Traditional security tools can’t stick the landing here, since they’re built to detect predictable patterns and find potential faults. Instead, organizations need to lean on the emerging asset of artificial intelligence (AI) solutions able to account for human behavior and quickly raise red flags.

4. Mind the Gap

Response forms the backbone of any effective cyber resilience strategy. Organizations need ordered, well-orchestrated response plans to get back on their feet and back to business as usual after a cyberattack.

When it comes to webs, however, it’s critical to mind the gap and adjust key openings as necessary. IT teams already suffer from alert fatigue — the result of an overabundance of reports and alerts from security solutions. Expanding security strategy across the breadth of on-demand technologies tends to come with massive alert increases, which can make it virtually impossible for staff to keep pace, let alone get ahead.

In this case, it’s about defining a threshold and then expanding — or contracting — web gaps to match infosec expectations. Your best bet is combining automation with incident analysis. Automated tools allow organizations to tighten up their web with security solutions capable of responding and remediating specific threat categories without human assistance. Staff can then define alert triggers for more worrisome threats, such as odd access requests or large file transfers, and address them ASAP.

5. Test the Tensile Strength

Recovery is the final step in the cyber resilience life cycle, and it encompasses tools and techniques needed to evaluate response, ensure remediation and allow companies to resume essential operations. For our web-based defense design, recovery means testing the tensile strength by making sure that polices and procedures are working as intended.

In practice, this means regularly developing and evaluating security polices to ensure they reflect current trends. Employee education is the first step. All staff need training in secure IT use, no matter when, where or how they connect. Next is testing. This should include third-party assessments and pen tests as well as simulated in-house phishing campaigns to evaluate staff readiness. Simply put: It’s better to break the web yourself, build a better one and try again than to have a hacker break it for you.

6. Get a Leg Up

Cyber resilience web strategies also offer the opportunity to go beyond typical life cycle limits by proactively engaging with potential threats. That’s because the broad nature of web security strategy affords access to massive infosec datasets across multiple threat channels. By combining advanced threat identification with next-generation analysis, organizations can both defend against current attacks and predict potential vectors to secure corporate networks at scale.

Resilience is required to get a business back on track. Funnels form the foundation, but increasing work diversification and IT democratization demands web-based designs that support rapid remediation and recovery.

More from Risk Management

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today