When it comes to protecting your castle against hackers, ransomware crooks, and all manner of digital lowlifes cyber resilience is one of your most important weapons — it’s a key factor that determines your success on that battlefield. Basically, in a nutshell, cyber resilience is the capacity for your organisation to take a hit and keep on ticking. It’s how you handle and get off the mat, and continue to operate, in the middle of a doomsday scenario.
What is cyber resilience?
Cyber resilience is your ability to continuously deliver your products, your services, your intended outcomes, your whole operation despite being against the ropes and suffering a security breach or a crisis. It’s the ability to say, and act, as if everything is alright, business as usual, in the middle of a crisis.
This concept also refers to your ability to restore or recover regular mechanisms after such a troubling event — backups, disaster recovery operations, etc. A cyber resilient operation is nimble and can adapt rapidly to unknown crises, threats, adversities, and multiple attacks.
Why is it so important?
Because, despite your best defence, despite how many updates you have on hand, and the tech you’ve employed, and how much you’ve invested in cyber-security, there’s a good chance that during the lifetime of your business you will suffer an attack. And maybe not just one.
All businesses have experienced cyber-breach. Not just small mom and pops, but huge, heavily protected, cyber-robust companies. Businesses like Apple, Sony, Microsoft, Google. Not just business but governments and actual espionage agencies.
In 2017, a security breach of the NSA shook the nation. It slowed all intelligence operations, resulted in hacking attacks to multiple companies, and basically punched that agency’s moral right in the guts. And you want to know what’s even more frustrating? It was one of many hacks and cyber breaches the agency has faced during the last couple of years. In 2016, due to a Windows security vulnerability, the hacker group Shadow Brokers made off like bandits with top-level security codes. In 2014, a Chinese group known as Judgement Panda gained access to the agency’s mainframe and managed to install mirroring tools —- that were active for over 3 years. The most famous case? Edward Snowden breached the agency, through the use of SSH keys and stealing trojans. The Wikileaks scandal became a worldwide event.
In other words, if the NSA, as well as the CIA, MI-6, and all other premier Federal organisations, have been breached – constantly – by cyber-crooks, despite all their firewalls, what makes you think you’re immune to an attack, to a successful attack. This is where cyber resilience comes in.
Cyber resiliency level.
There are multiple cyber resiliency levels or frameworks used to assess how well you react to a threat and a crisis. Each corporation, each institute has one. Lockheed Martin, for example, developed the Cyber Resiliency Level (CRL) Framework. The Department of Homeland Security coined the CRR or Cyber Resiliency Review. Apple has one. Microsoft has another. Even Nike has a framework in place.
What they all have in common are 4 pillars: Protection, Detection, Respond and Recovery. Our adaptive capacity to coordinate, diversify, position ourselves, hide critical assist, confuse the adversary, and realign our operation amid an attack.
What’s the difference between cyber-security and cyber resilience?
Cyber security consists of the process, tools, and different measures you take to protect your systems, data, and networks. It basically reduces the risk of an attack. Cyber resilience meanwhile helps businesses come to terms with one glaring certainty — hackers have the upper hand. They have better innovative tools, they have the element of surprise, and they only need to be successful once to make a dent and truly hurt you.
Hackers are extremely motivated and well funded. Professionals in this field are in fact huge groups and not individuals that invest a lot in their gear and training. Why? Because a small job, a tiny breach can end up giving them huge profits. Profits in the millions.
Components of cyber resilience
It’s important to understand the 4 major components of cyber resilience. These 4 pillars will determine how you pivot in the middle of a crisis and maintain your operation running despite an attack.
Protection
Protection is mainly a task of your cyber security team. They will do everything in their power to safeguard your systems and networks.
Detection
Analytic monitoring and detection of adverse actions and conditions is key to a great cyber resilience strategy. The quicker you understand the attack, and have a dynamic position, the faster you can react and minimise how said attack affects your business.
Respond
Having a dynamic position increases your ability to rapidly recover from an attack. In many cases, it’s like a good game of chess. You’ll have to diversify your moves, mislead, confuse, and hide critical assets, expose tainted assets, and in many cases even sacrifice a few ones.
There are multiple ways to respond to an attack and only your team, based on your organisation, can give you an efficient cyber resilience plan.
Recovery
Recovery is based mostly on the idea that “one is none and two is one,” in other words on multiple levels of redundancy. You’ll need separate systems that will allow you to continue working and recover rapidly in the event of a strike. Systems with backups or critical resources and data.
The benefits of a high-level cyber resiliency
The truth is that cyber resilience services give you a key advantage — the knowledge and certainty that sooner or later you will be breached. Think about your operation, just for a second. Imagine what one day of being offline, unable to operate will cost you. Now multiply that by 21, that’s the number of days most businesses find themselves rudderless and lost at sea in the middle of an attack. Businesses with no cyber resilience plan can spend up to 3 weeks motionless, bleeding money, with no operational capacity. Most lose more money because of that period of inaction than from the attack itself.