Cyber resilience emerged as a response to the evolving need for information security. Organizations recognized that attacks were a question of when, not if, and adapted security strategy to include orchestrated response and recovery frameworks that could identify critical assets, protect key data, detect potential issues, respond to immediate threats and jump-start recovery to get businesses back on track.
As a result, enterprises went to work on building resilience “funnels” — strategies that aggregate and address issues along the traditional corporate IT stack, from local servers to third-party providers and hybrid cloud services. The advent of democratized technologies and delocalized work, however, has created a new attack avenue. Instead of funneling down into common cyber resilience capture points, many attackers take a sideways approach that targets remote users, lateral services or public connections.
To solve for emerging attack vectors, organizations need a new defensive design: the cyber resilience web. Not sure where to start? Let’s break down six critical components of this security string theory.
1. Start With Support
The first pillar of any cyber resilience framework is identification: locating key business applications and any associated risks. In the context of a cybersecurity web, this expands to include identifying key supports, specifically from the C-suite.
Why? Because effective webs need firm foundations to deliver consistent results over time. Broad security strategy that lacks boardroom budgets and boosters won’t hold for long. As a recent IDC white paper notes, the scope of support also matters. Along with C-suite champions, organizations need stakeholder buy-in from data owners, IT teams and frontline employees.
Ultimately, webs must cast a wide net to encompass the new realities of enterprise IT efforts. Identifying and cultivating key supports is essential to delivering security strength at scale.
2. Build Big
Protection comes next. In the context of depth-based cyber resilience, this means leveraging first-line defenses such as firewalls, malware detection tools and runtime application self-protection (RASP) solutions. Building out breadth to remediate and recover from attacks tied to expanding 5G networks, emerging industrial internet of things (IIoT) devices and the evolving security risks of remote work collaboration tools, however, requires thinking big.
Here, the focus is on designing security strategy that doesn’t just build up the infosec funnel, but also builds out along new lines of work. Front-line solutions such as virtual private networks (VPNs) can help mitigate obvious threats, but the broader goal is to generate policies and procedures that loop in all users and devices.
For example, remote workers need training on how to recognize potential phishing attacks or malware infections, and it’s worth creating a dedicated channel for them to report issues and get help from IT teams. While this might mean leveraging a third-party provider to help manage cyber resilience at scale, it’s worth the effort to build the biggest web possible.
3. Stick the Landing
As the “2019 Cost of a Data Breach Report” notes, it takes enterprises almost 200 days on average to detect a breach — and another 69 days to contain it. Although these timelines are going down as security technologies improve, there is another problem: attacks that escape unseen.
For web-building businesses, the goal here is “stickiness” — ensuring that identification and detection tools are sensitive and speedy enough to detect threats at a distance. Accomplishing this goal means recognizing fundamental shifts in collaborative and operational frameworks.
Venture Beat notes that “human layer” attacks are on the rise now that video conferencing and on-demand collaboration are essential functions. Traditional security tools can’t stick the landing here, since they’re built to detect predictable patterns and find potential faults. Instead, organizations need to lean on the emerging asset of artificial intelligence (AI) solutions able to account for human behavior and quickly raise red flags.
4. Mind the Gap
Response forms the backbone of any effective cyber resilience strategy. Organizations need ordered, well-orchestrated response plans to get back on their feet and back to business as usual after a cyberattack.
When it comes to webs, however, it’s critical to mind the gap and adjust key openings as necessary. IT teams already suffer from alert fatigue — the result of an overabundance of reports and alerts from security solutions. Expanding security strategy across the breadth of on-demand technologies tends to come with massive alert increases, which can make it virtually impossible for staff to keep pace, let alone get ahead.
In this case, it’s about defining a threshold and then expanding — or contracting — web gaps to match infosec expectations. Your best bet is combining automation with incident analysis. Automated tools allow organizations to tighten up their web with security solutions capable of responding and remediating specific threat categories without human assistance. Staff can then define alert triggers for more worrisome threats, such as odd access requests or large file transfers, and address them ASAP.
5. Test the Tensile Strength
Recovery is the final step in the cyber resilience life cycle, and it encompasses tools and techniques needed to evaluate response, ensure remediation and allow companies to resume essential operations. For our web-based defense design, recovery means testing the tensile strength by making sure that polices and procedures are working as intended.
In practice, this means regularly developing and evaluating security polices to ensure they reflect current trends. Employee education is the first step. All staff need training in secure IT use, no matter when, where or how they connect. Next is testing. This should include third-party assessments and pen tests as well as simulated in-house phishing campaigns to evaluate staff readiness. Simply put: It’s better to break the web yourself, build a better one and try again than to have a hacker break it for you.
6. Get a Leg Up
Cyber resilience web strategies also offer the opportunity to go beyond typical life cycle limits by proactively engaging with potential threats. That’s because the broad nature of web security strategy affords access to massive infosec datasets across multiple threat channels. By combining advanced threat identification with next-generation analysis, organizations can both defend against current attacks and predict potential vectors to secure corporate networks at scale.
Resilience is required to get a business back on track. Funnels form the foundation, but increasing work diversification and IT democratization demands web-based designs that support rapid remediation and recovery.