Cyber resilience is an organization’s ability to prevent, withstand and recover from incidents that use or are enabled by IT resources. These incidents are not limited to deliberate attacks; they can also result from non-malicious events like errors by IT admins, power outages and equipment failures, all of which could lead to IT system disruptions or downtime that affect business processes.
The goal of cyber resilience is simple: To enable the organization to continuously deliver on its objectives or mission by keeping the IT environment up and running as much as possible — and getting it back up and running quickly when a disruption does occur.
There are 4 key pillars to cyber resilience:
Organizations need to anticipate many types of adversity, including:
Organizations also need to take steps to ensure that essential functions can continue in the face of adversity. This requires identifying those essential functions, along with all of the supporting processes, systems, services and infrastructure, and then taking steps to minimize the risk that those functions will be disrupted by the types of adversity you identified.
It’s also important to be able to restore essential functions during and after adversity. Be sure to prioritize your recovery operations and consider using a phased approach. For example, by restoring your most important Active Directory domain controllers first, you can quickly get the business up and limping, if not running at full speed. Keep in mind that you need to be able to trust that restoring a system will not also restore the threat, such as malicious software like Trojans or a backdoor that lets cybercriminals regain access to your information systems.
Cyber resilience is not a once-and-done event; it’s a never-ending process. Because your business needs, your IT ecosystem and the cyber threat landscape do not stand still, you need to regularly assess your inventory of critical business functions and their supporting capabilities, as well as your mitigation, response and restoration strategies.
Cybersecurity, as the word indicates, is focused on security: protecting IT systems and data from being compromised. This is a vital component of cyber resilience, but cyber resilience is broader: It is focused on preventing or quickly reverting disruption to IT operations.
A computer system could have strong cybersecurity without being cyber resilient. For example, a single desktop that is not connected to the internet and that is protected by multifactor authentication (MFA) has strong cybersecurity. However, if it can be wiped out by a tornado or by a piece of malware introduced via a USB device, it is not cyber resilient. In short, cyber resilience involves cybersecurity, but its focus is on agility and business continuity.
A strong cyber resilience strategy involves all of the following key components:
Identity governance and administration is at the center of a robust cyber resilience strategy. By ensuring that only the right people get the right access to the right resources at the right time, you can dramatically reduce your risk of suffering a cyber incident. Ensure you can grant access rights by defined roles, rules and security policies, and that business owners can easily perform regular access certification.
Hackers target privileged accounts for good reason — they provide access to sensitive information and control over vital systems. To thwart malicious activity, you need to closely govern and monitor privileged access. Look for capabilities such as granular delegation of administrative access, a password vault to secure privileged credentials, and security threat analytics over recordings of privileged sessions.
It’s simple: If your Active Directory is down, your business is down. Therefore, it’s vital to be able to defend against, detect and recover from cyber incidents that affect your AD. Make sure you can prevent attackers from changing your critical groups or GPO settings; identify and mitigate attack paths that they could use to seize control of your domain; detect and respond to indicators of compromise (IOCs); and be prepared to quickly restore your AD domain or forest.
Many cyber incidents begin on endpoints. Accordingly, it’s vital to know exactly what endpoints you have and manage, secure and patch them effectively. In addition, you need continuous auditing and intelligent alerting on suspicious activity so you can respond promptly to cyberthreats.
Not all cyber incidents can be prevented, so it’s essential to have a comprehensive backup and recovery plan that accelerates disaster recovery across your on-prem, cloud or hybrid environment. Be sure that the solution you choose offers secure storage of backups out of the reach of attackers, flexible recovery options, and safeguards against malicious code reinfecting your systems upon restoration from backup.
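One concrete safeguard behind the last two requirements (backups kept out of attackers' reach, and no reinfection on restore) is to record an integrity manifest of every backup artifact at backup time, keep that manifest and its signing key somewhere the backup store itself cannot reach, and refuse to restore until the artifacts still match. The following is an added illustration, not code from Quest or from any of its products; the file names, contents and the HMAC key are constructed sample data, and the manifest format is an assumption of this example rather than any vendor's format.

```python
"""
Added example (not part of the original page): build an HMAC-signed integrity
manifest for a backup set and verify the set against it before restoration.
The manifest and key must live outside the backup store (offline or immutable
storage); the sample files and key below are constructed for the demo.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file under backup_dir and sign the file list with an HMAC key.
    Anyone who can only write to the backup store cannot forge a valid tag."""
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            files[p.relative_to(backup_dir).as_posix()] = sha256_file(p)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(backup_dir: Path, manifest: dict, key: bytes) -> dict:
    """Check the manifest signature, then compare the backup store against it.
    Returns a report with an ok flag and lists of tampered, missing and unexpected files."""
    report = {"ok": False, "reason": "", "tampered": [], "missing": [], "unexpected": []}
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; a manifest edited without the key fails here.
    if not hmac.compare_digest(expected_tag, manifest["hmac"]):
        report["reason"] = "manifest signature invalid"
        return report
    present = {p.relative_to(backup_dir).as_posix(): p
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel, digest in manifest["files"].items():
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(present[rel]) != digest:
            report["tampered"].append(rel)
    # Files that were not there at backup time are just as suspicious as changed ones.
    report["unexpected"] = sorted(set(present) - set(manifest["files"]))
    report["missing"].sort()
    report["tampered"].sort()
    if report["tampered"] or report["missing"] or report["unexpected"]:
        report["reason"] = "backup contents differ from manifest"
    else:
        report["ok"] = True
        report["reason"] = "backup matches manifest"
    return report


def demo() -> dict:
    """Constructed scenario: a clean verification, then a verification after one
    file was modified, one deleted and one added, then a manifest edited without the key."""
    key = os.urandom(32)  # constructed; in practice stored with the manifest, off the backup store
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "sysvol").mkdir(parents=True)
        (backup / "ntds.dit.bak").write_bytes(b"constructed sample directory database")
        (backup / "sysvol" / "policy.ini").write_bytes(b"[Settings]\nconstructed=1\n")
        manifest = build_manifest(backup, key)
        clean = verify_backup(backup, manifest, key)
        # Changes made to the backup store after the manifest was recorded.
        with (backup / "ntds.dit.bak").open("ab") as f:
            f.write(b" modified after backup")
        (backup / "sysvol" / "policy.ini").unlink()
        (backup / "unexpected.bin").write_bytes(b"constructed file not in the original set")
        tampered = verify_backup(backup, manifest, key)
        # Someone rewrites the manifest to bless the new file but cannot re-sign it.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["unexpected.bin"] = sha256_file(backup / "unexpected.bin")
        forged_result = verify_backup(backup, forged, key)
    return {"clean": clean, "tampered": tampered, "forged": forged_result}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design point is separation of trust: the hashes alone only detect accidental corruption, because an attacker who can modify the backups can usually modify a co-located hash list too. Signing the manifest with a key that never touches the backup store, and keeping a copy of the manifest off that store, turns the check into a tamper detector that gates restoration, which is the "do not restore the threat" property described above.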
Quest offers an identity-centered, defense-in-depth approach to cyber resilience. Our comprehensive suite of cyber resilience solutions covers all 5 key components detailed above: