Part 1 touched on cyber resilience definitions and basics. Now, let build a cyber resilience framework and fine-tune it optimally…

In this second part, let us examine what a cyber resilience framework looks like, and the steps and challenges organizations can take to achieve it.

First, let us examine the challenges to achieving cyber resilienceso thatthese can be factored-in during framework building.

Despite the growing need for comprehensive threat protection, many organizations struggle to achieve cyber resilience. This is due to several reasons, including:

    • Limited visibility: To become cyber resilient, businesses need real-time visibility across all IT assets and critical infrastructure. However, silos often exist between teams, data storage systems and applications. This leads to visibility gaps that can make it difficult to identify emerging threats and vulnerabilities.
    • Poor understanding of security controls: Cybersecurity teams may not fully master the effectiveness of their existing controls, and struggle to keep pace with ever-evolving attacker methods. As a result, many security leaders lack confidence in their ability to protect their organizations from cyberattacks.
    • Lack of automation: Firms that still rely on manual risk identification and mitigation processes tend to respond to information more slowly and less effectively than teams using automated platforms. They also are more likely to make mistakes.
    • Legacy systems and applications: Not all organizations are up to speed with the latest systems and applications: many still rely on a slew of legacy systems. Timely updating of systems and applying patches are best practices, but these operational maintenance activities often require advance scheduling or a shutdown and, as a consequence, they are frequently delayed: not great for cyber resilience.
    • Insider risks: Security teams often focus on protecting their assets from external threats only. In fact, some data show that 66% of all cyberattacks involve an insider. To achieve cyber resilience, security teams must require authentication, continuous validation and session monitoring when granting people privileged access to applications and data, even to current employees.

Best practices for improving cyber resilience

Since every organization is unique and has specific requirements, there is no single solution for ensuring cyber resilience. There are, however, multiple cyber resilience frameworks to help organizations prepare for incoming cyberattacks and protect infrastructure, data and information systems. They include recommendations covering high-level aspects of cyber resilience throughout the cybersecurity lifecycle, such as:

    • Manage and protect: Identify high-value assets and their associated risks, and target areas for improvement through audits and testing.
    • Identify and detect: Close the gap on cyber risks by developing controls based on unique requirements, risk profiles and business environments.
    • Respond and recover: Ensure an organization can perform under pressure and demonstrate agility during incident response. This way, it can successfully recover and restore operations following an incident.
    • Govern and assure: Finally, engage and align executives and stakeholders with the cyber resilience strategy as it helps collect feedback, discuss best practices and eliminate confusion.
Joseph Carson, Chief Security Scientist, Delinea

Steps to achieving cyber resilience

An enterprise-wide shift in strategy and an ongoing commitment from all internal stakeholders is needed, via the following steps.

    1. Build and align a cross-functional leadership team
      Being cyber resilient means that everyone in the organization understands the importance of security and data protection and is involved in the process. The key is building a strong cybersecurity culture: one where all users are aware of how their actions impact the organization. Start by creating a cross-functional leadership team to oversee cybersecurity planning and response. This may include security leaders, C-level executives, engineers, developers, data management, security operations, IT operations and incident response teams.
    2. Map your risk profile to established frameworks
      When building a cyber resilience strategy, align with best-in-class cybersecurity frameworks and other regulatory and compliance requirements like the Essential Eight while still developing a plan that meets your organization’s unique needs.
    3. Create a roadmap and resource plan
      Using your resilience framework as a guide, craft your cyber resilience strategy, ensuring it is connected to the organization’s overall business objectives. Set a realistic goal for your future state and the milestones to reach it. Consider also how to maximize the value of resources. Cybersecurity analysts and operations teams spending time responding to trouble tickets instead of performing high-value work is an inefficient allocation of resources, and a waste of valuable insights and skills.
      Re-directing these employees where they will provide the most value, like forensics and incident response, not only represents a more effective use of resources, but it can also improve engagement and reduce staff turnover. Firms that lack internal support can consider outsourcing security operations to a third-party managed security services provider.
    4. Leverage the Cloud
      Cloud-native systems allow organizations to quickly respond to changes in demand, allocate additional resources when needed, and easily scale them down when not needed — which helps reduce the attack surface. Cloud-native systems are also designed to be resilient to failures, and often include features such as automatic failover, backup and recovery, and data replication, which help to ensure that data and applications remain available and secure even in the event of a security incident.
      While the cloud can exponentially improve cyber resilience, it also requires careful access management and monitoring to safeguard data and ensure only authorized users can access the resources. During cyber resilience planning, pay special attention to any sensitive data sitting in cloud systems; use vulnerability scanning and penetration testing to identify vulnerabilities and potential misconfigurations in both cloud systems and applications that can lead to data breaches.
    5. Make sure passwords, secrets and keys are available in an emergency
      Imagine a data center or cloud platform housing your enterprise password vault is inaccessible due to a cyberattack! Ensure your system has provisions for such contingencies so that you can continue to access systems securely, even while under attack. This multi-layered approach helps to ensure that if one layer of security is breached, there are additional layers in place to protect data and applications.
    6. Automate and orchestrate manual processes
      Security automation technologies help teams move faster and more effectively during attacks. To improve cyber resilience, firms may consider using automation services like seamless privileged access, endpoint detection and response (EDR), identity access management (IAM), security information and event management (SIEM), and security orchestration, automation and response (SOAR). It is also important to automate notifications and alerting. By doing so, security teams can easily work together more efficiently. Alerts can ensure teams stay in the loop about emerging security events and are positioned to respond immediately.
    7. Develop and test your incident response plan
      Security profiles change daily, so it is critical to regularly test and optimize your cyber resilience strategy. When testing, it is a good idea to assess and measure incident response performance and look for potential gaps and inconsistencies. This way, you can ensure your incident response plan is fully functional when it is activated.