Cyber-resilience: today, surviving an attack is as vital as preventing one

Matthew O'Brien

Group Owner - Cyber Security


No organisation is immune to security breaches. That's the reality today as cyber-attacks increase in size, scope and sophistication.

Your security strategies can't just cover prevention because it's impossible to protect against 100% of threats, 100% of the time. How well you recover from an attack is just as important.

Threats are evolving at cyber-speed

As organisations deploy more sophisticated defences, criminals match them with more sophisticated cyber-attacks.

It's an arms race which has seen a general balance between attacker and defenders. However, the advent of Artificial Intelligence (AI) and Machine Learning (ML) has moved the goalposts.

Now there are automated attacks that learn from their setbacks, and recalibrate techniques accordingly. It's a far more powerful weapon in criminal arsenals.

More windows of opportunity 

Business operations have also become more vulnerable, largely due to the rise of the distributed enterprise.

At one time, everything was safe inside the security perimeter covering offices and the data centre. But as organisations' footprints increased, perimeters stretched from the premises to multiple touch points. Now, critical assets are often outside corporate boundaries.

For example, most organisations have many locations and cloud environments. Their staff access corporate systems while mobile. Linked third parties like suppliers and partners expand the footprint even further.

What's more, new developments like edge computing will distribute data processing far and wide. And the Internet of Things (IoT) can connect an organisation to thousands of sensors.

Today, the endpoint and user have become the new defence perimeter, and they're most likely beyond your control.

More windows of opportunity

Where cyber-resilience fits in

Cyber-resilience focuses on how ready you are for an attack, and how well you react and recover. It covers a range of activities, broadly grouped under prevention and response.

Prevention means identifying and assessing risks to your operations. It also includes monitoring and detecting suspicious behaviours to prevent attacks before they happen.

Response covers the plans you have to recover quickly with minimal disruption and damage if a breach occurs.

Underpinning both is governance to ensure your resilience program is being maintained as part of normal business. Always lead with your normal business context; the relating cyber security policies and associated controls should serve that business context.

On the other hand, cyber-security deals with the processes and technologies to protect your networks, data, applications and users. However, cyber-resilience and cyber-security are flip sides of the same coin, and there's overlap between them. One thing is certain: both of them are more vital than ever.

Cyber-resilience begins with the basics

There are simple steps you can take right now to counter growing risks.

Begin with an incident response plan that covers your business objectives, priorities and tolerances. Then plot a path to where you want to go, and build on each element over time.

Impose fundamental security hygiene at the start. Make sure your systems are patched and that backup and recovery measures are in place. Your systems should also be scanned regularly.

Importantly, you need to maintain governance to ensure your plan is being followed. Test the plan regularly to understand the potential impacts of a breach so you can minimise fallout.

When it comes to the bigger picture, there are five key points to consider.

Raise awareness

Good security practices can't be a part-time activity. They need to be constant and permeate the organisation. Employees need to understand risks, and so do managers all the way up to C-level. Security is a mindset that needs to be cultivated at every opportunity.

Assess your dependence on third parties

Chances are you're reliant on many third parties. Since you can't control them, you must factor their risk profile into your resilience plan. If your third party's security practices don't meet your standards, find another. Because you will pay for their mistakes.

Get technology on your side

AI and ML are as useful to security managers as they are to hackers. In fact, the sheer volume of security data makes it impossible to manage by humans. AI and ML can scan for patterns and flag suspicious activities in a fraction of the time to provide a timely heads-up.

Zero trust

It's essential to keep on top of the multitude of applications, access types and users in play today. A zero trust approach assumes there is no traditional network edge and that workers can be in any location. You need to authenticate at every step to make sure your users are who they say they are, and only have access to what they need.

Security by design

Design security into everything you can from the start - including your apps, processes, services, connectivity and more. You'll be more resilient, and you won't have to backtrack and remediate issues if they occur. Equally important, security that's built in can offer competitive advantage in productivity and reputation.

Perhaps the most important point of all is this: cyber-resilience is an enabler of business. Your business survival outcome will be dictated by your level of preparedness. It can be a differentiator and it doesn't have to cost the business that much, but it can cost you the business if you don't adopt it.

Make a real difference Speak to an expert