What is cyber resilience?

As technology becomes more integrated into every aspect of life, cyber adversaries have unlimited opportunities to breach personal and company-related data. Hackers continually innovate new ways to attack even the most sophisticated cyber defenses. Traditional cybersecurity frameworks (such as National Institute of Standards and Technology's controls to identify, detect and respond) focus on hardening defenses and preventing attacks. But given the volume of data and assets to protect, it's no longer possible to eliminate all threats.

Cybersecurity resilience assumes a breach is inevitable and shifts the focus toward a holistic plan to anticipate, withstand, recover and adapt in the event of a catastrophic attack that compromises the entire IT ecosystem. When traditional business continuity and disaster recovery plans fail, a cyber-resilient approach helps organizations maintain mission-critical operations to minimize financial and reputational harm. 

Anticipate critical threats and prevent breaches to build cybersecurity resilience 

The foundation of a cybersecurity resilience strategy begins with anticipating the attacks most likely to harm your organization. By looking at the business through the eyes of an adversary, security teams can predict, prevent and prepare for many threat scenarios. 

The process starts with determining the most business-critical applications and processes, the essential infrastructure that keeps the organization running. These are the assets your cyber resilience strategy and tactics will focus on to ensure business continuity in the event of a cyber attack. For example, a cyber resilient approach would prioritize weak spots in the payroll network — which would have enterprise-wide consequences if it were to be taken out — rather than putting more resources into securing guest Wi-Fi, a comparatively minor aspect of the business' IT ecosystem. 

Within the anticipate pillar, cyber intelligence and threat modeling help security teams proactively gather and analyze information to guide decision-making by identifying:  

• Company assets that are the biggest targets.
• Your organization's most likely adversaries.
• Tactics bad actors could use to exploit vulnerabilities.
• Weaknesses in the third-party supply chain.
• The impact on the business if an attack was successful.

These processes help security teams determine the cost and benefit of addressing each of those threats and prioritize the budget and resources available. 

Practices such as identity and access management, network segmentation, vulnerability assessments, and user awareness training can be crucial to preventing breaches of your enterprise networks. 

Detect and withstand attacks with resilience in cyber  

Once an organization identifies the most likely attacks and biggest threats, the security team must plan how to detect and respond to a breach as quickly as possible and keep essential operations running. 

Playbooks, based on intelligence gathered in the anticipate phase of cybersecurity resilience planning, help define specific courses of action (COAs) to take during an attack. An incident response team with representatives from all key business lines should all have defined roles and action items. Regular tabletop exercise ensures that everyone is aware of their responsibilities and procedures can be updated as needed. 

Endpoint detection and response (EDR) and network detection and response (NDR) tools, along with security information and event monitoring (SIEM) platforms, use artificial intelligence (AI) and machine learning (ML) to detect advanced threats early and can help security teams limit damage. In the midst of a breach, cyber deception tactics like honey pots can help lure adversaries away from valuable targets.

Recover data and applications with cyber vault

Many organizations have business continuity (BC) and disaster recovery (DR) plans in place that can restore data after a power outage or natural disaster. These plans are generally very broad and built for scenarios in which a single incident takes out a subset of applications, services or data. 

In the case of a catastrophic cyber attack such as ransomware, the entire IT ecosystem is at risk and organizations need the ability not only to restore data, but also the infrastructure needed to perform critical business functions, including applications, platforms, networks, account access, database services and access to cloud systems. 

When traditional DR plans fail, often due to malware infections of data systems, the data protection team needs to determine damages, restore capabilities and determine the reliability of the information recovered. A cyber vault can recover a recent and clean copy of these business-critical services and data. Cyber vault solutions create offsite duplicates to restore Active Directory (AD), Key Management Systems (KMS), Public Key Infrastructure (PKI), Domain Name System (DNS), VPNs, firewalls and authentication.

Adapt and evolve your cybersecurity resilience best practices

After an attack, cyber resilient organizations analyze their response to adapt and improve their security approach for the future. Did cyber operations react effectively and efficiently? What systems or processes need to be re-architected from both technical and business perspective? 

This post-incident review may also involve phasing out legacy technology, re-examining which critical applications should move to the cloud and which should stay in the on-premise data center, and examining and adjusting security controls. Conducting regular risk assessments and monitoring emerging threats can also help shape your response. 

Based on this intelligence, update all cybersecurity resilience incident response plans, COAs and procedures accordingly.

Cyber resiliency and cyber recovery services

Determining where to start the cyber resiliency strategy can be overwhelming. If you're struggling to build an effective detection or recovery solution, WWT can help. 

With the combined experience of our cybersecurity team, along with experts from automation and data teams, WWT can help organizations build holistic cyber resiliency strategy and cyber vault solutions validated with proof-of-concept in WWT's Advanced Technology Center.