In the world of Cybersecurity today, there is one thing that is for sure: there are plenty of acronyms and pieces of techno jargon to go around. It seems that just about every few days, something new sprouts up in this regard.
Probably one of the most widely used terms today in the COVID-19 world is that of “Cyber Risk”. This can mean just about anything to anybody, but in general terms, it merely refers to the level of “pain” that a business can withstand after a Cyberattack has occurred.
Or it can also refer to just how vulnerable your digital assets are to a security breach even before anything has happened. There are a lot of variables that can factor into how you calculate risk, and they are both quantitative and qualitative. There are tons of Cyber Risk models out there, and some of the more widely used ones can be found by doing a simple Google search.
But now, the question is how well can your business bounce back after it has been hit? For example, will it be hours, days, etc. (hopefully not any longer than that). Then, once you have recovered your most critical operations and processes, how long will it take you to come back to the way you were before? This part of the story can now be referred to as “Cyber Resiliency”.
In a way, you can view your business as a rubber band. How quickly can you snap back after being stretched so far? Once again, if you do a Google search, you will come across many definitions of it. Here is a good one:
“Cyber resilience is an organization’s ability to continue functioning and achieving your business goals, no matter what happens. If there’s a breach — if an employee accidentally falls for a phishing scam that downloads malware, but your security team contains the threat and your employees are able to continue working despite the breach — your organization is demonstrating cyber resilience. It’s a form of business continuity planning that doesn’t just include cyber-attacks or data breaches, but other crises.”
But keep in mind that Cyber Resiliency is not limited to anything and everything related to Cyber – it can also be extended to include your physical assets and other security scenarios, such as that of Physical Access Entry. It is also important to note that your particular level of Cyber Resiliency is dependent upon a lot of other factors as well, which generally include the following:
*Your ability to respond to and mitigate a threat as it is happening (this is also known as “Incident Response”);
*How quickly you can restore mission critical operations and processes (this is also known as “Disaster Recovery”);
*How long it will take you to come back to a normal state like before your business was impacted (this is also known as “Business Continuity”).
If any of the above three components fail, it will have a cascading effect onto the other two, and thus your level of Cyber Resiliency will deteriorate rather quickly. But as stated, there are other areas in your Cyber lines of defense that you need to implement in order to keep these three components strong and alive. In turn, they will also help you to maintain a great level of Cyber Resiliency.
Some of these are as follows:
*Implement the Zero Trust Framework:
As human beings, it is part of our nature to have some sort of baseline trust, even with people we have met for the first time ever. While this can be a good thing, it can also be a bad thing. For example, what if that particular individual takes the goodwill you have and turns it into a weakness or vulnerability? Well, this is where the Zero Trust Framework comes in. As its name implies, applied to Cybersecurity it means that you literally do not trust anybody, even those employees that have been with you the longest. This does sound extreme, but given today’s Remote Workforce and the virtual world that we live in, it is now absolutely needed. With this methodology, you must implement three or more layers of authentication in order to fully ascertain the identity of the individual that is trying to gain access to your digital assets and shared resources. The basic idea here is that by implementing all of these layers, the statistical probability of a Cyberattacker breaking through the remaining layers (after they have penetrated the first line of defense) is greatly lowered.
*Make use of the concept of Least Privilege:
This principle can also be likened, in certain ways, to the Zero Trust Framework. With this kind of methodology, you assign your employees only the base level of privileges, rights, and permissions that they need in order to conduct their everyday job tasks. For example, you would assign your administrative assistant the permissions that are needed to read, edit, and upload certain documents, but you certainly would not give him or her root access to the corporate servers. But when you take this approach, you also need to review these levels of permissions on a regular basis. For example, if an employee leaves or changes job roles, you will of course need to adjust their permissions accordingly. Also be on the watch for contracted employees. The moment that their contract ends, you need to immediately delete the rights and permissions that you have given them. If not, you are leaving yourself open to an Insider Attack.
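As an added example (not code from the original post), here is a small Python access review in the spirit of this paragraph: it compares what each account has been granted against what its role should have, and flags leavers, expired contractors, and orphaned accounts for revocation. The roster, grants, and role entitlements are constructed sample data, and the names are hypothetical.

```python
from datetime import date

# Constructed sample data: what each job role is entitled to.
ROLE_ENTITLEMENTS = {
    "admin_assistant": {"docs:read", "docs:edit", "docs:upload"},
    "sysadmin": {"docs:read", "server:root"},
}

# Constructed HR roster: role, employment status, and contract end (None = permanent).
ROSTER = {
    "alice": {"role": "admin_assistant", "status": "active", "contract_end": None},
    "bob":   {"role": "sysadmin",        "status": "left",   "contract_end": None},
    "carol": {"role": "admin_assistant", "status": "active", "contract_end": date(2023, 6, 30)},
    "erin":  {"role": "sysadmin",        "status": "active", "contract_end": None},
}

# Constructed snapshot of what the systems actually grant today.
GRANTS = {
    "alice": {"docs:read", "docs:edit", "docs:upload", "server:root"},  # excess: root
    "bob":   {"docs:read", "server:root"},                              # has left
    "carol": {"docs:read", "docs:edit", "docs:upload"},                 # contract expired
    "dave":  {"docs:read"},                                             # not on roster
    "erin":  {"docs:read", "server:root"},                              # exactly right
}


def review_access(roster, grants, role_entitlements, today):
    """Return (user, reason, permissions_to_revoke) for every account needing action."""
    findings = []
    for user, perms in grants.items():
        person = roster.get(user)
        if person is None:
            findings.append((user, "orphaned", set(perms)))
            continue
        if person["status"] != "active":
            findings.append((user, "left", set(perms)))
            continue
        end = person["contract_end"]
        if end is not None and end < today:
            findings.append((user, "contract_expired", set(perms)))
            continue
        # Still employed: revoke only what exceeds the role's entitlements.
        excess = set(perms) - role_entitlements.get(person["role"], set())
        if excess:
            findings.append((user, "excess", excess))
    return findings


if __name__ == "__main__":
    for user, reason, perms in review_access(ROSTER, GRANTS, ROLE_ENTITLEMENTS, date.today()):
        print(f"{user}: {reason}, revoke {sorted(perms)}")
```

Running this review on a schedule, and on every role change, is what turns Least Privilege from a one-time setup into a standing control.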
*Create backups, and more backups:
This is something that you should be doing already, and it should be an integral part of your overall Security Policy. Obviously, with a good backup strategy in place, your ability to bounce back quickly after a security breach will be that much stronger. Although the rules state that you should have backups both onsite and offsite, given the way we are working virtually these days you can create a good set of backups quickly and easily by using a Cloud based platform such as AWS or Microsoft Azure. Also, by using one of these, you should be able to restore your most critical operations in just a matter of a few hours.
*Divide up your IT & Network Infrastructures into zones:
Most businesses these days, especially SMBs, think that simply implementing one line of defense that protects their entity from the external environment is enough. In other words, think of it as a huge circle . . . this is also referred to as “Perimeter Security”. But guess what, if the Cyberattacker has broken through this, then he or she has immediate access to all of the crown jewels in your organization. Therefore, it is important to break your IT/Network Infrastructures into smaller subsegments (also known as “Subnets”), each with its own layers of protection. Then, if the Cyberattacker is able to make their way into one of them, they can be quickly isolated and prevented from moving to other parts of your business. That movement between parts of the network is also known as “Lateral Movement” and is now a popular technique with Cyberattackers from all over the world. This kind of segmentation will also help you to quickly mitigate any security breaches, thus making your ability to bounce back even quicker.
My Thoughts On This
Overall, this blog has presented to you an overall view of what Cyber Resiliency is, and what some of the components are. Future blogs will do a much deeper dive into the various methodologies that are available today.
But keep in mind, implementing Cyber Resiliency for your business requires a proactive mindset. It does not all happen overnight, and it takes time. Further, it is something that should be implemented in stages, and not all at once, as mistakes are bound to happen, and those mistakes would make you more vulnerable to a Cyberattack.