How Does Your Board Measure Cyber Resilience?

Organizations are facing an uphill battle. The volume of cyberattacks has risen year-on-year, with a 38% increase in 2022 compared to the previous year. In the UK alone, an organization is being targeted on average 855 times per week over the last six months. Supply chain attacks continue to challenge organizations.

Zero-day vulnerabilities are being uncovered daily, with the most recent prolific incident being the 3CX compromise found in March 2023.

The geopolitical landscape has never been more fractured in response to the Russo-Ukraine war, and ransomware has evolved beyond classic encryption to more sophisticated data extortion. All of this has created the perfect conditions for cybercriminals to thrive and for businesses to stay out of danger. 

So, what is the solution? In today's interconnected world, where digital technologies play a vital role in business operations, organizations need a proactive and comprehensive approach to cybersecurity, one that goes beyond traditional preventative measures. Enter cyber resilience: the ability of organizations to withstand, respond to, and recover from cyber incidents while maintaining essential operations and protecting critical assets. Cyber resilience is not just about dealing with threats, it’s about the board’s overall ability to make informed decisions on how to mitigate risk and ensure that data is protected. With such a tall order, the question is - where do you even begin?

Taking A Risk-Based View

Many organizations opt for widely recognized guidelines and standards as a starting point to establish a common framework for cybersecurity and risk analysis. Two prominent tools are the National Institute of Standards and Technology (NIST) framework and the MITRE ATT&CK framework. These provide organizations with structured approaches to identify, protect, detect, respond to, and recover from cyber threats. By adhering to these frameworks, businesses can enhance their overall cybersecurity posture and strengthen their ability to withstand potential attacks.

To implement such frameworks effectively, organizations should first assess their current cybersecurity capabilities and identify any gaps or vulnerabilities. This will help determine which framework is most suitable for their needs. Next, they need to establish a dedicated team responsible for overseeing the implementation and ongoing management of the framework. This team will map the framework's controls and guidelines to the organization's existing infrastructure and processes, ensuring the framework is aligned with the specific requirements and risks the business faces.

In the European Union (EU), recent developments have also highlighted the growing emphasis on resilience. The EU's Network and Information Security (NIS) Directive, implemented in 2018, requires organizations to adopt appropriate measures to ensure the security and resilience of their network and information systems. Furthermore, the EU Cybersecurity Act, enacted in 2019, establishes a framework for the certification of cybersecurity products and services.

These developments demonstrate the EU's commitment to enhancing cybersecurity at both the organizational and regulatory levels. 

The unfortunate truth is cybersecurity frameworks alone are no longer enough to protect organizations in a world where threats and data breaches are more than one-off occurrences. After all, cybercriminals do not care about frameworks - they care about breaking through a network’s defenses. Robust, proactive, and preparatory work is needed to ensure that businesses can mitigate these threats, reduce their overall risk posture, and orchestrate rapid-response remediation when required. 

Resilience: Adopting A Prevention-First Approach

While traditional cybersecurity measures primarily focus on threat detection and mitigation, adopting a prevention-first approach is crucial when it comes to shoring up resilience. 

Resilience refers to an organization’s ability to not only detect and mitigate threats but have real-time visibility over their networks and the ability to anticipate threats and execute rapid-response measures that reduce or eliminate downtime. 

Rather than solely relying on reactive measures, organizations need to proactively build robust defenses that can withstand potential attacks. This approach emphasizes the importance of identifying vulnerabilities, implementing strong security controls, and continuously monitoring and improving security practices. To effectively address the challenges of the digital age, organizations should embrace the three C's and ensure their solution is comprehensive, consolidated, and collaborative. 

Comprehensive security measures entail a holistic approach, encompassing all aspects of an organization's infrastructure, applications, and data. This includes implementing access controls, regular patching, and encryption protocols, among other measures.

Consolidation refers to the integration and centralization of security tools and technologies. A study conducted by Check Point and Dimensional Research found that 49% of all organizations use between 6 and 40 point security products, while 98% of organizations manage their security products with multiple consoles, creating vulnerability gaps and visibility blind spots. By reducing the number of disparate solutions and unifying security operations, organizations can achieve greater visibility and control over their security landscape at a time when network footprints are rapidly expanding. This enables more efficient threat detection, response, and recovery processes. 

Collaboration highlights the importance of taking a cohesive and joined-up approach to threat detection and mitigation. If one endpoint is compromised, all areas of the organization – including its software supply chain – must mobilize from a security perspective to ensure the threat is contained and cannot spread laterally within the network or impact customer organizations as part of a supply chain attack. Real-time threat intelligence from enforcers, cyber analysts, and the broader cybersecurity community must also be pooled to ensure that the most up-to-date threat information is available to all. 

Making Cybersecurity More Resilient

The concept of cyber resilience goes beyond traditional cybersecurity. It encompasses an organization’s ability to withstand and recover from cyberattacks. While cybersecurity focuses on preventing and detecting attacks, resilience aims to build a fortified environment that can withstand potential threats.

In essence, it involves building that automated barricade rather than relying on an under-resourced army to detect and respond to attacks.

Resilience acknowledges that no security system is perfect, and breaches can occur despite robust preventive measures. Therefore, organizations must focus on building redundancies, developing incident response plans, and establishing backup and recovery mechanisms to ensure business continuity even in the face of a successful attack.

The modern threat landscape requires businesses to go beyond traditional cybersecurity measures and embrace resilience as a critical component of their security strategies.

By adopting a prevention-first approach, leveraging comprehensive, consolidated, and collaborative security measures, and understanding the importance of cyber resilience, organizations can better protect their assets and mitigate the potential impacts of cyber threats. As the digital landscape continues to evolve, businesses must stay vigilant, adapt to emerging challenges, and prioritize resilience above all else. After all, it is better to build your barricades before your army.

Deryck Mitchelson is Field CISO at Check Point Software

You Might Also Read: 

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Employees To Blame For 70% Of Corporate Data Breaches
Innovation In Cyber Security: NDR Meets XDR »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

Coralogix

Coralogix

Coralogix are rebuilding the path to observability using a real-time streaming analytics pipeline that provides monitoring, visualization, and alerting capabilities without the burden of indexing.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Red Helix

Red Helix

Red Helix (formerly Phoenix Datacom) is a market leader in network performance and cyber security.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.

RELIANOID

RELIANOID

RELIANOID is an application delivery controller and load balancing system that ensures high performance and security of IT services on a massive scale.