December 12, 2014 By Brian Honan 3 min read

Cyber attacks are inevitable but they should not cause your business to suffer. Having an effective cyber resilient program in place will enable your business to continue even in the middle of a cyber attack. In the past few weeks the news has been awash regarding the security breach at Sony Pictures, which resulted in staff being instructed to use pen and paper to do their work and not to use their computers. All VPNS, remote access, networks, and computer systems within Sony Pictures were offline for over a week while the breach was dealt with. At the same time, the attackers released gigabytes of information belonging to Sony Pictures onto the Internet. This is a prime example of a how a cyber-attack can bring a business to its knees and how not being cyber resilient can aggravate the impact of a cyber-attack.

Cyber resilience is ensuring the business understands the impact of a potential cyber-attack and the steps required for the business to prevent, survive and recover from such an attack. In essence, it is moving cyber security away from a purely technical focused discipline into a more business and risk management point-of-view. This requires the technical security people who would traditionally focus on point solutions to specific technical threats to translate the potential impact of security incidents into terms and language that business and nontechnical people will understand. Most businesses operate on the principle of risk, every business decision involves an element of risk. Sometimes the result of that risk is positive, for example increased sales, or it may be negative such as loss of market share.

Traditionally, technical people look at issues in a very black or white way, it either works or it does not work, it is secure or not secure. Cyber resilience involves a change in mindset whereby you look to identify how secure the business needs to be in order to survive. This is a challenge for both the technical and nontechnical people. For business people, it requires that they get involved in the decision making process regarding cyber security by identifying what the critical assets to the business are and how valuable they are to the business. The risks to those assets then need to be identified and quantified so that measures can be put into place to reduce the levels of risk against those assets to a level that is acceptable to the business. So instead of a checklist approach to security, or an all or nothing approach, decisions are more focused on what the business needs and investment can be best directed to the more appropriate areas.

I often compare cyber resilience to how kings protected their crown jewels in the Middle Ages. The keep at the center of the castle grounds was where the most valuable assets were kept. The keep itself was placed in a very defendable position within the castle walls. Those castle walls were defended in turn by moats, turrets, and drawbridges. Outside the castle walls were where the villagers and farmers lived. In the event of an attack the king would raise the drawbridge leaving those outside open to attack, but these were acceptable losses to protect the crown jewels. Even if the castle walls were breached, the crown jewels would remain protected within the keep. In today’s security landscape businesses need to identify what their crown jewels are and protect them accordingly. Similarly they also need to identify what should remain within the village, or even within the castle walls, and be prepared to lose those in the event of a major cyber-attack.

Effective cyber-resilience requires rigorous and regular risk assessment exercises, particularly as today the business environments, technology, and cyber-threats change so quickly. These risk assessments should be supported by good security policies outlining what the required security controls are to manage the risks identified. An effective incident response plan is also a critical element of cyber resilience, this plan should cover various types of attacks and how the organization should react to them. As with all plans, regular testing is essential to ensure the plan works and that the business survives in the heat of a real attack. To be fully resilient an organization should integrate their incident response plan with their Business Continuity Plans (BCP) so that in the event of a major security breach the business can continue to operate in BCP mode while dealing with the breach.

Having good cyber resilience in place won’t prevent a security breach from happening, but good cyber resilience will prevent the business from stopping should a security breach occur.

More from Incident Response

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today