How Does Your Board Measure Cyber Resilience?

Organizations are facing an uphill battle. The volume of cyberattacks has risen year-on-year, with a 38% increase in 2022 compared to the previous year. In the UK alone, an organization is being targeted on average 855 times per week over the last six months. Supply chain attacks continue to challenge organizations.

Zero-day vulnerabilities are being uncovered daily, with the most recent prolific incident being the 3CX compromise found in March 2023.

The geopolitical landscape has never been more fractured in response to the Russo-Ukraine war, and ransomware has evolved beyond classic encryption to more sophisticated data extortion. All of this has created the perfect conditions for cybercriminals to thrive and for businesses to stay out of danger. 

So, what is the solution? In today's interconnected world, where digital technologies play a vital role in business operations, organizations need a proactive and comprehensive approach to cybersecurity, one that goes beyond traditional preventative measures. Enter cyber resilience: the ability of organizations to withstand, respond to, and recover from cyber incidents while maintaining essential operations and protecting critical assets. Cyber resilience is not just about dealing with threats, it’s about the board’s overall ability to make informed decisions on how to mitigate risk and ensure that data is protected. With such a tall order, the question is - where do you even begin?

Taking A Risk-Based View

Many organizations opt for widely recognized guidelines and standards as a starting point to establish a common framework for cybersecurity and risk analysis. Two prominent tools are the National Institute of Standards and Technology (NIST) framework and the MITRE ATT&CK framework. These provide organizations with structured approaches to identify, protect, detect, respond to, and recover from cyber threats. By adhering to these frameworks, businesses can enhance their overall cybersecurity posture and strengthen their ability to withstand potential attacks.

To implement such frameworks effectively, organizations should first assess their current cybersecurity capabilities and identify any gaps or vulnerabilities. This will help determine which framework is most suitable for their needs. Next, they need to establish a dedicated team responsible for overseeing the implementation and ongoing management of the framework. This team will map the framework's controls and guidelines to the organization's existing infrastructure and processes, ensuring the framework is aligned with the specific requirements and risks the business faces.

In the European Union (EU), recent developments have also highlighted the growing emphasis on resilience. The EU's Network and Information Security (NIS) Directive, implemented in 2018, requires organizations to adopt appropriate measures to ensure the security and resilience of their network and information systems. Furthermore, the EU Cybersecurity Act, enacted in 2019, establishes a framework for the certification of cybersecurity products and services.

These developments demonstrate the EU's commitment to enhancing cybersecurity at both the organizational and regulatory levels. 

The unfortunate truth is cybersecurity frameworks alone are no longer enough to protect organizations in a world where threats and data breaches are more than one-off occurrences. After all, cybercriminals do not care about frameworks - they care about breaking through a network’s defenses. Robust, proactive, and preparatory work is needed to ensure that businesses can mitigate these threats, reduce their overall risk posture, and orchestrate rapid-response remediation when required. 

Resilience: Adopting A Prevention-First Approach

While traditional cybersecurity measures primarily focus on threat detection and mitigation, adopting a prevention-first approach is crucial when it comes to shoring up resilience. 

Resilience refers to an organization’s ability to not only detect and mitigate threats but have real-time visibility over their networks and the ability to anticipate threats and execute rapid-response measures that reduce or eliminate downtime. 

Rather than solely relying on reactive measures, organizations need to proactively build robust defenses that can withstand potential attacks. This approach emphasizes the importance of identifying vulnerabilities, implementing strong security controls, and continuously monitoring and improving security practices. To effectively address the challenges of the digital age, organizations should embrace the three C's and ensure their solution is comprehensive, consolidated, and collaborative. 

Comprehensive security measures entail a holistic approach, encompassing all aspects of an organization's infrastructure, applications, and data. This includes implementing access controls, regular patching, and encryption protocols, among other measures.

Consolidation refers to the integration and centralization of security tools and technologies. A study conducted by Check Point and Dimensional Research found that 49% of all organizations use between 6 and 40 point security products, while 98% of organizations manage their security products with multiple consoles, creating vulnerability gaps and visibility blind spots. By reducing the number of disparate solutions and unifying security operations, organizations can achieve greater visibility and control over their security landscape at a time when network footprints are rapidly expanding. This enables more efficient threat detection, response, and recovery processes. 

Collaboration highlights the importance of taking a cohesive and joined-up approach to threat detection and mitigation. If one endpoint is compromised, all areas of the organization – including its software supply chain – must mobilize from a security perspective to ensure the threat is contained and cannot spread laterally within the network or impact customer organizations as part of a supply chain attack. Real-time threat intelligence from enforcers, cyber analysts, and the broader cybersecurity community must also be pooled to ensure that the most up-to-date threat information is available to all. 

Making Cybersecurity More Resilient

The concept of cyber resilience goes beyond traditional cybersecurity. It encompasses an organization’s ability to withstand and recover from cyberattacks. While cybersecurity focuses on preventing and detecting attacks, resilience aims to build a fortified environment that can withstand potential threats.

In essence, it involves building that automated barricade rather than relying on an under-resourced army to detect and respond to attacks.

Resilience acknowledges that no security system is perfect, and breaches can occur despite robust preventive measures. Therefore, organizations must focus on building redundancies, developing incident response plans, and establishing backup and recovery mechanisms to ensure business continuity even in the face of a successful attack.

The modern threat landscape requires businesses to go beyond traditional cybersecurity measures and embrace resilience as a critical component of their security strategies.

By adopting a prevention-first approach, leveraging comprehensive, consolidated, and collaborative security measures, and understanding the importance of cyber resilience, organizations can better protect their assets and mitigate the potential impacts of cyber threats. As the digital landscape continues to evolve, businesses must stay vigilant, adapt to emerging challenges, and prioritize resilience above all else. After all, it is better to build your barricades before your army.

Deryck Mitchelson is Field CISO at Check Point Software

You Might Also Read: 

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Employees To Blame For 70% Of Corporate Data Breaches
Innovation In Cyber Security: NDR Meets XDR »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Seclore

Seclore

Seclore is the most advanced, secure, and automated Enterprise Digital Rights Management (EDRM) solution available.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions

The ARIA ADR Automatic Detection & Response solution was designed to find, verify, and stop all types of attacks - automatically and in real time.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.

Secure Domains

Secure Domains

Secure Domains is the first company in the GCC to offer cloud-based DNS firewall services and security through its flagship SaaS product, DNS Armor.

Grey Market Labs

Grey Market Labs

Grey Market Labs is a special place. It is a data privacy and security skunkworks.