In a world of endless cyber threats and persistent attacks, cyber security simply isn’t enough. Organizations shouldn’t be asking what to do IF an attack happens, but what to do WHEN it inevitably does. And this is where cyber resilience comes into play.
If cyber security protects businesses from cyber attacks, cyber resilience ensures their operations continue if the attacks do happen.
What is Cyber Resilience?
Not only are cyber attacks skyrocketing, but incidents can also be unintentional (mistakes from employers, failed software updates, …). It’s vital that organizations start thinking differently and move from cyber security to cyber resilience.
While cyber security consists of measures to protect from cyber attacks, cyber resilience goes further. Cyber resilience helps organizations not only to protect from attacks, but also to prepare and defend against them, limit the damage they bring, and recover from them. Most importantly, it assures an organization keeps functioning when security breaches happen, so they don’t disrupt and damage business operations.
It’s all about anticipating: identify, protect, detect, respond, recover
Since the question isn’t ‘what if’ anymore, but ‘what when’, preparation is vital. Organizations need a concrete plan of action for when an attack happens. A company is cyber resilient if it can successfully manage cyber incidents or attacks while continuing to operate normally – the incident doesn’t bring the entire business to a halt.
And the phases of a successful cyber resilience strategy are:
- identify: understanding an organization’s environment and identifying all possible cyber risks and exposures with an extensive evaluation of the infrastructure, data, and security gaps;
- protect: having effective protective measures in place to minimize the risks;
- detect: continuous monitoring to quickly detect anomalies, potential data breaches, leaks, incidents, and activities that can’t be blocked;
- react: having a response plan so that activities to eliminate the incident can be carried out instantly;
- recover: having a concrete plan of activities for fast restoration of impaired systems.
Cyber resilience enhances system security, reduces financial losses, improves internal processes, and helps keep the trust of business partners and customers that would inevitably diminish if attacks caused them damage.
Cyber risks are inevitable, but they are also manageable if we have the right strategies.
Cyber resilience framework
To manage risks, identify incidents, and return to normal operations as soon as possible, organizations need a strong multi-tiered strategy - a framework.
An efficient cyber resilience framework consists of information, policies, steps, measures, guidelines, principles, and procedures that guide organizations in controlling, managing, and recovering from incidents and attacks. A cyber resilience framework is a strong plan that ensures all operations continue and incidents have minimum impact on the business.
Sounds overwhelming? Don’t worry, you don’t need to start from scratch - there are many efficient frameworks out there and we’re currently working on a brand new one!
Nothing Fishy about it: Cyber Resilience Provisioning Framework
Together with our partners in a research project called FISHY, we’re developing a coordinated framework for cyber resilience provisioning that guarantees a trusted supply chain of ICT systems, built upon distributed, dynamic, and often fundamentally insecure and heterogeneous ICT infrastructures.
The FISHY platform will be able to securely orchestrate a supply chain consisting of complex ICT systems end-to-end: from the edge and cloud infrastructure and IoT ecosystem to the networking infrastructure. It will also enable functionalities related to risk and vulnerability management, accountability and mitigation strategies, security metrics, and evidence-based security assurance.
XLAB’s role in the project
Our role in the project is mainly to lead the technology radar with the creation of business models and analysis. We also contribute technical components, supporting real-time metrics related to vulnerability assessment of the IT system as part of the supply chain.