Cyber resilience emerged as a response to the evolving need for information security. Organizations recognized that attacks were a question of when, not if, and adapted security strategy to include orchestrated response and recovery frameworks that could identify critical assets, protect key data, detect potential issues, respond to immediate threats and jump-start recovery to get businesses back on track.

As a result, enterprises went to work on building resilience “funnels” — strategies that aggregate and address issues along the traditional corporate IT stack, from local servers to third-party providers and hybrid cloud services. The advent of democratized technologies and delocalized work, however, has created a new attack avenue. Instead of funneling down into common cyber resilience capture points, many attackers take a sideways approach that targets remote users, lateral services or public connections.

To solve for emerging attack vectors, organizations need a new defensive design: the cyber resilience web. Not sure where to start? Let’s break down six critical components of this security string theory.

1. Start With Support

The first pillar of any cyber resilience framework is identification: locating key business applications and any associated risks. In the context of a cybersecurity web, this expands to include identifying key supports, specifically from the C-suite.

Why? Because effective webs need firm foundations to deliver consistent results over time. Broad security strategy that lacks boardroom budgets and boosters won’t hold for long. As a recent IDC white paper notes, the scope of support also matters. Along with C-suite champions, organizations need stakeholder buy-in from data owners, IT teams and frontline employees.

Ultimately, webs must cast a wide net to encompass the new realities of enterprise IT efforts. Identifying and cultivating key supports is essential to delivering security strength at scale.

2. Build Big

Protection comes next. In the context of depth-based cyber resilience, this means leveraging first-line defenses such as firewalls, malware detection tools and runtime application self-protection (RASP) solutions. Building out breadth to remediate and recover from attacks tied to expanding 5G networks, emerging industrial internet of things (IIoT) devices and the evolving security risks of remote work collaboration tools, however, requires thinking big.

Here, the focus is on designing security strategy that doesn’t just build up the infosec funnel, but also builds out along new lines of work. Front-line solutions such as virtual private networks (VPNs) can help mitigate obvious threats, but the broader goal is to generate policies and procedures that loop in all users and devices.

For example, remote workers need training on how to recognize potential phishing attacks or malware infections, and it’s worth creating a dedicated channel for them to report issues and get help from IT teams. While this might mean leveraging a third-party provider to help manage cyber resilience at scale, it’s worth the effort to build the biggest web possible.

3. Stick the Landing

As the “2019 Cost of a Data Breach Report” notes, it takes enterprises almost 200 days on average to detect a breach — and another 69 days to contain it. Although these timelines are going down as security technologies improve, there is another problem: attacks that escape unseen.

For web-building businesses, the goal here is “stickiness” — ensuring that identification and detection tools are sensitive and speedy enough to detect threats at a distance. Accomplishing this goal means recognizing fundamental shifts in collaborative and operational frameworks.

VentureBeat notes that “human layer” attacks are on the rise now that video conferencing and on-demand collaboration are essential functions. Traditional security tools can’t stick the landing here, since they’re built to detect predictable patterns and find potential faults. Instead, organizations need to lean on the emerging asset of artificial intelligence (AI) solutions able to account for human behavior and quickly raise red flags.

4. Mind the Gap

Response forms the backbone of any effective cyber resilience strategy. Organizations need ordered, well-orchestrated response plans to get back on their feet and back to business as usual after a cyberattack.

When it comes to webs, however, it’s critical to mind the gap and adjust key openings as necessary. IT teams already suffer from alert fatigue — the result of an overabundance of reports and alerts from security solutions. Expanding security strategy across the breadth of on-demand technologies tends to come with massive alert increases, which can make it virtually impossible for staff to keep pace, let alone get ahead.

In this case, it’s about defining a threshold and then expanding — or contracting — web gaps to match infosec expectations. Your best bet is combining automation with incident analysis. Automated tools allow organizations to tighten up their web with security solutions capable of responding and remediating specific threat categories without human assistance. Staff can then define alert triggers for more worrisome threats, such as odd access requests or large file transfers, and address them ASAP.
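The threshold idea above can be sketched in code. This is an added example, not part of the original article; the category names, the 1 to 10 severity scale, the field names and the sample alerts are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed categories (constructed): handled by automation without human assistance.
AUTO_REMEDIATE = {"commodity_malware", "known_bad_ip"}
# Staff-defined triggers that always reach an analyst, whatever the threshold.
ALWAYS_ESCALATE = {"odd_access_request", "large_file_transfer"}

# Constructed sample of one shift's alerts.
SAMPLE_ALERTS = [
    {"category": "commodity_malware", "severity": 6},
    {"category": "known_bad_ip", "severity": 4},
    {"category": "odd_access_request", "severity": 3},
    {"category": "large_file_transfer", "severity": 2},
    {"category": "policy_violation", "severity": 2},
    {"category": "policy_violation", "severity": 5},
    {"category": "port_scan", "severity": 3},
    {"category": "port_scan", "severity": 7},
    {"category": "failed_login", "severity": 4},
    {"category": "failed_login", "severity": 8},
]

def route(alert, threshold):
    """Return 'analyst', 'auto' or 'log' for a single alert."""
    if alert["category"] in ALWAYS_ESCALATE:
        return "analyst"
    if alert["category"] in AUTO_REMEDIATE:
        return "auto"
    return "analyst" if alert["severity"] >= threshold else "log"

def tune_threshold(alerts, capacity, lo=1, hi=10):
    """Lowest severity threshold whose analyst queue fits the team's capacity."""
    for threshold in range(lo, hi + 1):
        queue = sum(route(a, threshold) == "analyst" for a in alerts)
        if queue <= capacity:
            return threshold
    # No threshold fits: the always-escalate triggers alone exceed capacity.
    return hi + 1

def triage(alerts, capacity):
    """Tune the threshold to capacity, then count alerts per destination."""
    threshold = tune_threshold(alerts, capacity)
    return threshold, Counter(route(a, threshold) for a in alerts)

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS, capacity=4))
```

A returned threshold above the top of the severity scale means the always-escalate triggers by themselves outnumber what the team can review, which points to a staffing or trigger-definition problem rather than a tuning one.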

5. Test the Tensile Strength

Recovery is the final step in the cyber resilience life cycle, and it encompasses tools and techniques needed to evaluate response, ensure remediation and allow companies to resume essential operations. For our web-based defense design, recovery means testing the tensile strength by making sure that policies and procedures are working as intended.

In practice, this means regularly developing and evaluating security policies to ensure they reflect current trends. Employee education is the first step. All staff need training in secure IT use, no matter when, where or how they connect. Next is testing. This should include third-party assessments and pen tests as well as simulated in-house phishing campaigns to evaluate staff readiness. Simply put: It’s better to break the web yourself, build a better one and try again than to have a hacker break it for you.

6. Get a Leg Up

Cyber resilience web strategies also offer the opportunity to go beyond typical life cycle limits by proactively engaging with potential threats. That’s because the broad nature of web security strategy affords access to massive infosec datasets across multiple threat channels. By combining advanced threat identification with next-generation analysis, organizations can both defend against current attacks and predict potential vectors to secure corporate networks at scale.

Resilience is required to get a business back on track. Funnels form the foundation, but increasing work diversification and IT democratization demands web-based designs that support rapid remediation and recovery.
