Cyber attacks are inevitable, but they should not cause your business to suffer. Having an effective cyber resilience program in place will enable your business to continue operating even in the middle of a cyber attack. In the past few weeks the news has been awash with the security breach at Sony Pictures, which resulted in staff being instructed to use pen and paper to do their work and not to use their computers. All VPNs, remote access, networks, and computer systems within Sony Pictures were offline for over a week while the breach was dealt with. At the same time, the attackers released gigabytes of information belonging to Sony Pictures onto the Internet. This is a prime example of how a cyber-attack can bring a business to its knees and how not being cyber resilient can aggravate the impact of a cyber-attack.

Cyber resilience means ensuring the business understands the impact of a potential cyber-attack and the steps required to prevent, survive and recover from such an attack. In essence, it moves cyber security away from a purely technically focused discipline toward a business and risk management point of view. This requires the technical security people, who would traditionally focus on point solutions to specific technical threats, to translate the potential impact of security incidents into terms and language that business and nontechnical people will understand. Most businesses operate on the principle of risk: every business decision involves an element of risk. Sometimes the result of that risk is positive, for example increased sales, and sometimes it is negative, such as loss of market share.

Traditionally, technical people look at issues in a very black or white way: it either works or it does not work, it is secure or not secure. Cyber resilience involves a change in mindset whereby you look to identify how secure the business needs to be in order to survive. This is a challenge for both the technical and nontechnical people. For business people, it requires that they get involved in the decision-making process regarding cyber security by identifying which assets are critical to the business and how valuable they are to it. The risks to those assets then need to be identified and quantified so that measures can be put into place to reduce the level of risk against those assets to a level that is acceptable to the business. So instead of a checklist approach to security, or an all or nothing approach, decisions are more focused on what the business needs, and investment can be directed to the most appropriate areas.
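One way to make the "identify, quantify, reduce to an acceptable level, direct investment" step concrete is a small risk register. The example below is added here and is not code from the original article; the assets, likelihoods, control costs and the risk appetite are all constructed values, and the expected-loss model (asset value × fraction exposed × annual likelihood, with controls scaling likelihood down) is a common simplification, not a method the article prescribes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    value: float       # loss if the asset were fully compromised (constructed)
    likelihood: float  # annual probability of a damaging incident, 0..1 (constructed)
    exposure: float    # fraction of value lost in a typical incident, 0..1 (constructed)

@dataclass(frozen=True)
class Control:
    name: str
    asset: str                  # name of the asset the control protects
    cost: float                 # annual cost of the control (constructed)
    likelihood_reduction: float # fraction by which it cuts incident likelihood, 0..1

def expected_loss(asset, controls=()):
    """Annual expected loss for an asset, after applying any matching controls."""
    likelihood = asset.likelihood
    for c in controls:
        if c.asset == asset.name:
            likelihood *= 1.0 - c.likelihood_reduction  # controls compound multiplicatively
    return asset.value * asset.exposure * likelihood

def rank_controls(assets, controls):
    """Rank controls by expected loss avoided per unit of cost (highest first)."""
    by_name = {a.name: a for a in assets}
    ranked = []
    for c in controls:
        a = by_name[c.asset]
        avoided = expected_loss(a) - expected_loss(a, [c])
        ranked.append((c.name, avoided / c.cost))
    return sorted(ranked, key=lambda r: r[1], reverse=True)

def select_controls(assets, controls, budget):
    """Greedily fund the best-value controls that fit the security budget."""
    by_name = {c.name: c for c in controls}
    chosen, spent = [], 0.0
    for name, _ in rank_controls(assets, controls):
        if spent + by_name[name].cost <= budget:
            chosen.append(name)
            spent += by_name[name].cost
    return chosen

def above_appetite(assets, controls, appetite):
    """Assets whose residual expected loss still exceeds what the business accepts."""
    return [a.name for a in assets if expected_loss(a, controls) > appetite]

# Constructed sample register: the "crown jewels" sit at the top.
ASSETS = [
    Asset("customer database", 5_000_000, 0.30, 0.4),
    Asset("payroll system", 800_000, 0.20, 0.5),
    Asset("marketing website", 100_000, 0.60, 0.2),
]
CONTROLS = [
    Control("MFA on database admin access", "customer database", 40_000, 0.5),
    Control("payroll offline backups", "payroll system", 10_000, 0.25),
    Control("website WAF", "marketing website", 15_000, 0.5),
]
```

With a budget of 50,000 the two highest-value controls are funded, and the customer database is still reported as above a 100,000 appetite, which is exactly the conversation the article says the business and technical sides need to have.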

I often compare cyber resilience to how kings protected their crown jewels in the Middle Ages. The keep at the center of the castle grounds was where the most valuable assets were kept. The keep itself was placed in a very defensible position within the castle walls. Those castle walls were defended in turn by moats, turrets, and drawbridges. Outside the castle walls was where the villagers and farmers lived. In the event of an attack the king would raise the drawbridge, leaving those outside open to attack, but these were acceptable losses to protect the crown jewels. Even if the castle walls were breached, the crown jewels would remain protected within the keep. In today’s security landscape, businesses need to identify what their crown jewels are and protect them accordingly. Similarly, they also need to identify what should remain within the village, or even within the castle walls, and be prepared to lose those in the event of a major cyber-attack.

Effective cyber resilience requires rigorous and regular risk assessment exercises, particularly as business environments, technology, and cyber threats change so quickly today. These risk assessments should be supported by good security policies outlining the security controls required to manage the risks identified. An effective incident response plan is also a critical element of cyber resilience; this plan should cover various types of attacks and how the organization should react to each of them. As with all plans, regular testing is essential to ensure the plan works and that the business survives in the heat of a real attack. To be fully resilient, an organization should integrate its incident response plan with its Business Continuity Plans (BCP) so that in the event of a major security breach the business can continue to operate in BCP mode while dealing with the breach.

Having good cyber resilience in place won’t prevent a security breach from happening, but good cyber resilience will prevent the business from stopping should a security breach occur.
