Improve infrastructure cybersecurity through cyber resiliency
According to MITRE, “cyber resiliency” is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” Because no cybersecurity solution is infallible, adding cyber resiliency to a security approach is valuable: it helps mitigate damage from cyber-attacks so that operations can continue and the possibility of interruption is reduced.
Benefits of cyber resiliency
Integrating cyber resiliency into an existing cybersecurity strategy, or as part of a new strategy, provides businesses with significant advantages:
- Cyber resiliency reduces potential costs associated with cyber-attacks. According to Deloitte, even a low-end cyber-attack costing a cybercriminal $34 per month could return $25K, while more expensive attacks costing a few thousand dollars could return as much as $1M per month. IBM estimates that the average cost of a data breach is $3.86M.
- Cyber resiliency assists in compliance with legal regulations. A strong example of this is the Network and Information Systems Directive, which requires every business to “take appropriate security measures and to notify serious incidents to the relevant national authority.” Also, consider the General Data Protection Regulation, which vows to protect data privacy and restructure the way organizations approach it.
- Cyber resiliency safeguards an organization’s reputation. An untarnished reputation lessens negative scrutiny, costly fines, detrimental impact on securing new business and retaining existing business, and damage to supplier relations. Not only does this remove questions of trust and competency, it also eliminates concerns about the protection of critical assets.
7 steps to improve your cyber resiliency integration
Once the benefits of cyber resiliency are communicated to IT decision makers and buy-in has been established, the following seven steps, as outlined by the National Institute of Standards and Technology (NIST), will set you on the path to an improved cybersecurity strategy.
- Step 1: Improve segmentation between systems based on criticality and trustworthiness. It is important to limit the number of targets that could easily spread malware.
- Step 2: Provide multiple protected instances of critical resources. This reduces the consequences of lost information or services. Be sure your organization can facilitate recovery from the effects of a cyber-attack and can reduce the amount of time during which critical services are limited, or even denied.
- Step 3: Restrict privileges based on attributes of users and their workflow. It is important for businesses to lessen the possibility that actions by authorized employees will compromise information or services, likely unintentionally. Require that employees invest more time and effort in obtaining credentials, which will decrease an adversary’s ability to take full advantage of those credentials.
- Step 4: Distribute and dynamically relocate functionality or system resources. Take steps to ensure your business can swiftly recover from non-adversarial events and that you are able to diminish an adversary’s ability to locate, eliminate or corrupt critical assets. The adversary will also have to spend more time finding those assets, which will likely reveal its intentions more quickly to an organization.
- Step 5: Coordinate protection across the different layers/resources. Coordinated protections require an adversary to put forth a great deal of effort to access the critical information/assets they seek, which increases the likelihood of detecting the adversary. However, make sure that the use of any given protection mechanism does not create adverse, unintended consequences by interfering with other protection mechanisms.
- Step 6: Monitor and analyze a wide range of properties and behaviors. Ongoing monitoring and analysis allow organizations to maximize detection of potential adverse conditions, as well as reveal the extent of potential or actual damage. The resulting data will help support improved situational awareness.
- Step 7: Implement agile cyber courses of action to manage risks. Enhance your company’s ability to respond to cyber-attacks in a timely and appropriate manner to ensure business operations are uninterrupted and destabilization is avoided.