
What is cyber resilience, and why is it important? 

What is cyber resilience?

Cyber resilience is an organization’s ability to prevent, withstand and recover from incidents that use or are enabled by IT resources. These incidents are not limited to deliberate attacks; they can also result from non-malicious events like errors by IT admins, power outages and equipment failures, all of which could lead to IT system disruptions or downtime that affect business processes.

The goal of cyber resilience is simple: To enable the organization to continuously deliver on its objectives or mission by keeping the IT environment up and running as much as possible — and getting it back up and running quickly when a disruption does occur.

 

What are the benefits of cyber resilience?

Reduced risk of costly breaches

The average cost of a data breach exceeds US$4 million. By improving your cyber resilience, you can spot both intruders and insider threats in time to keep them from stealing your sensitive data — or even prevent unauthorized access to your network in the first place. As a result, you can better avoid the steep financial impact of breaches.

Increased user productivity

When IT systems experience disruptions, users can’t do their jobs, so business processes suffer. Indeed, 40% of enterprises say that a single hour of downtime costs $1 million to over $5 million. With a strong cyber resilience and cybersecurity strategy, you can minimize the risk of impaired productivity and the resulting lost revenue.

Fewer fines and penalties

A solid cyber resilience strategy includes many of the controls mandated by compliance regulations, including access governance, cyber risk management, vulnerability remediation, physical security, intrusion detection, and incident response. As a result, you will be able to more effectively identify and protect regulated data as required, thereby avoiding violations that could result in steep penalties and increased oversight.

Stronger customer satisfaction and loyalty

Two of the surest ways to alienate customers are to land in the breach headlines and to have unreliable IT systems that are not available when they’re needed. Cyber resilient organizations stand out from the competition because they can deliver both trust and service to customers.

Four pillars of cyber resilience

What are the 4 pillars of cyber resilience?

There are 4 key pillars to cyber resilience:

Anticipate

Organizations need to anticipate many types of adversity, including:

  • Cyberattacks like ransomware, denial-of-service (DoS) attacks and advanced persistent threats (APTs)
  • Social-engineering attacks like phishing and spear-phishing
  • Natural disasters such as flooding or earthquakes
  • Structural failures like power outages
  • Stresses such as unexpectedly high loads on systems
  • Harmful activity, whether malicious or accidental, by legitimate users, especially around critical information systems or confidential data

Withstand

Organizations also need to take steps to ensure that essential functions can continue in the face of adversity. This requires identifying those essential functions, along with all supporting processes, systems, services and infrastructure. Then take steps to minimize the risk of those functions being disrupted by the types of adversity you identified.

Recover

It’s also important to be able to restore essential functions during and after adversity. Be sure to prioritize your recovery operations and consider using a phased approach. For example, by restoring your most important Active Directory domain controllers, you can quickly get the business up and limping, if not running at full speed. Keep in mind that you need to be able to trust that restoring a system will not also restore the threat, such as malicious software like Trojans or a backdoor for cybercriminals to regain access to your information systems.

Adapt

Cyber resilience is not a once-and-done event; it’s a never-ending process. Because your business needs, your IT ecosystem and the cyber threat landscape do not stand still, you need to regularly assess your inventory of critical business functions and their supporting capabilities, as well as your mitigation, response and restoration strategies.

 

What is the difference between cybersecurity and cyber resilience?

Cybersecurity, as the word indicates, is focused on security: protecting IT systems and data from being compromised. This is a vital component of cyber resilience, but cyber resilience is broader: It is focused on preventing or quickly reverting disruption to IT operations.

A computer system could have strong cybersecurity without being cyber resilient. For example, a single desktop that is not connected to the internet and that is protected by multifactor authentication (MFA) has strong cybersecurity. However, if it can be wiped out by a tornado or a piece of malware introduced via a USB device, it is not cyber resilient.

In short, cyber resilience involves cybersecurity but its focus is on agility and business continuity.

 

What are the 5 key components of a cyber resilience strategy?

A strong cyber resilience strategy involves all of the following key components:

Identity governance and administration

Identity governance and administration is at the center of a robust cyber resilience strategy. By ensuring that only the right people get the right access to the right resources at the right time, you can dramatically reduce your risk of suffering a cyber incident. Ensure you can grant access rights by defined roles, rules and security policies, and that business owners can easily perform regular access certification.

Privileged access management

Hackers target privileged accounts for good reason — they provide access to sensitive information and control over vital systems. To thwart malicious activity, you need to closely govern and monitor privileged access. Look for capabilities such as granular delegation of administrative access, a password vault to secure privileged credentials, and security threat analytics over recordings of privileged sessions. 

Hybrid Active Directory security and management

It’s simple: If your Active Directory is down, your business is down. Therefore, it’s vital to be able to defend against, detect and recover from cyber incidents that affect your AD. Make sure you can prevent attackers from changing your critical groups or GPO settings; identify and mitigate attack paths that they could use to seize control of your domain; detect and respond to indicators of compromise (IOCs); and be prepared to quickly restore your AD domain or forest.

Unified endpoint management

Many cyber incidents begin on endpoints. Accordingly, it’s vital to know exactly what endpoints you have and manage, secure and patch them effectively. In addition, you need continuous auditing and intelligent alerting on suspicious activity so you can respond promptly to cyberthreats.

Backup and disaster recovery

Not all cyber incidents can be prevented, so it’s essential to have a comprehensive backup and recovery plan that accelerates disaster recovery across your on-prem, cloud or hybrid environment. Be sure that the solution you choose offers secure storage of backups out of the reach of attackers, flexible recovery options, and safeguards against malicious code reinfecting your systems upon restoration from backup. 

 

Where can I get help with improving my organization’s cyber resilience?

Quest offers an identity-centered, defense-in-depth approach to cyber resilience. Our comprehensive suite of cyber resilience solutions covers all 5 key components detailed above:

 
