While the difference between cyber-security and cyber-resilience might not be obvious to some, the implications of failing to address both are significant. In simple terms, cyber-security describes an organization’s ability to protect itself from security threats, such as malware, phishing, DDoS, SQL injection and insider threats.
Cyber-resilience, on the other hand, focuses more on damage limitation and remediation, whether that be damage to an organization’s systems, finances or reputation.
Of the two, we tend to focus more on cyber-security than cyber-resilience. Most large organizations will have policies in place, such as password policies, remote access policies, acceptable use policies and email and communication policies.
They will also utilize a number of threat detection technologies, such as anti-virus software, firewalls, intrusion prevention systems, and solutions that can detect and respond to anomalous user activity. However, relatively few have a tried and tested incident response plan (IRP) in place.
This is not surprising, as “prevention is better than cure”. However, given that organizations spend on average $3.86 million recovering from security incidents, the latter is becoming increasingly important.
We must also accept the fact that no cyber-security strategy is perfect. Even if your policies have been carefully considered, and you have the latest and greatest threat detection technologies that money can buy, a significant number of security incidents are caused by human error, for which there is no simple solution.
The threat landscape is constantly evolving. Social engineering techniques are becoming increasingly sophisticated – leveraging technologies such as AI to better impersonate company executives. As they say, it’s not a question of if, but when, a security incident will unfold, and we need a robust damage limitation strategy in place to help us sail through the storm without sinking. Now that we have a better understanding of the difference between cyber-security and cyber-resilience, let’s take a closer look at how they work in practice.
What is Cyber-Security?
In order to have an effective cyber-security strategy, you should have at least some of the following in place:
- You should have policies that deal with remote access, internet access, passwords, encryption, BYOD, email and communication, and more.
- All employees should be familiar with the policies, know where to find them, and be trained to comply with them.
- In addition to having a strong password policy in place, you should be using multi-factor authentication whenever possible.
- Patches and updates should be installed on all endpoints in a timely manner – preferably via an automated patch management solution.
- You should have a carefully selected suite of security technologies, which might include AV, SIEM, UBA, DLP, IPS, VPN software, and a commercial-grade firewall. You may also want to install vulnerability scanning or penetration testing software.
- You should be encrypting sensitive data, both at rest and in transit.
- You should be adhering to the Principle of Least Privilege (PoLP), to ensure that employees are granted only the privileges they need to carry out their role.
- You should know exactly what sensitive data you have, and where it is located.
- You should be monitoring all access to privileged accounts and sensitive data, and be able to quickly determine who has access to what data, when, how, and why.
- All public-facing web forms should be thoroughly tested for vulnerabilities to prevent SQL injection and cross-site scripting attacks.
- You should be controlling and monitoring physical access to your data using ID badges, locks, alarms, CCTV cameras, etc.
What is Cyber-Resilience?
The first thing you will need to do is familiarize yourself with the six stages of incident response: preparation, identification, containment, eradication, recovery and lessons learned. Understanding these steps will help you to develop a comprehensive incident response plan (IRP). A complete breakdown of these stages is beyond the scope of this article. However, in order to limit the damage caused by a security incident and recover in a timely manner, you should have clear and accessible documentation relating to the following:
- What needs to be done in the event of a security incident. This might include scanning for vulnerabilities, reviewing event logs, conducting a traffic analysis, restoring backups, and so on.
- The individuals that are responsible for initiating and executing the incident response plan.
- The protocols for communicating with the relevant stakeholders, authorities, and possibly even the press.
- The protocols for assessing both the impact and potential impact of a security incident. You will need to prioritize the assessment based on your most valuable assets. It’s a good idea to use a data discovery and classification solution to ensure that you know exactly what sensitive data you have, and where it is located.
- The data privacy regulations that are relevant to your industry. In order to protect your organization from fines and lawsuits, you need to ensure that you understand the regulations that apply to your industry and have taken the necessary steps to ensure that you are compliant.
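The monitoring requirement above (knowing who accessed what sensitive data, when and how) and the impact-assessment step (prioritizing by your most valuable assets) both depend on the same two inputs: an access audit trail and a classification inventory. The following is an added illustration, not code from this article or from Lepide; the log format, the classification labels, the privileged-account list and the business-hours window are all assumed, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
# Constructed sample audit events (not real logs): time, account, action, object.
SAMPLE_LOG = """\
2024-03-01T08:55:12Z alice READ /finance/payroll.xlsx
2024-03-01T09:02:40Z svc_backup READ /finance/payroll.xlsx
2024-03-01T23:41:05Z bob COPY /hr/employee_ssn.csv
2024-03-02T02:15:30Z admin_root DELETE /finance/payroll.xlsx
2024-03-02T10:00:00Z alice READ /public/newsletter.pdf
"""
# Assumed inputs: a data classification inventory and the privileged-account list.
SENSITIVE = {"/finance/payroll.xlsx": "high", "/hr/employee_ssn.csv": "critical"}
PRIVILEGED = {"admin_root"}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 UTC, an assumed working day
LINE = re.compile(r"^(\S+) (\S+) (READ|WRITE|COPY|DELETE) (\S+)$")

def parse_log(text):
    """Turn raw lines into event dicts; lines not matching the format are skipped."""
    events = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, account, action, obj = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"when": when, "who": account, "how": action, "what": obj})
    return events

def access_report(events):
    """Who touched which sensitive object, when and how: {object: [(when, who, how)]}."""
    report = defaultdict(list)
    for e in events:
        if e["what"] in SENSITIVE:
            report[e["what"]].append((e["when"].isoformat(), e["who"], e["how"]))
    return dict(report)

def flag_events(events):
    """Events on sensitive data that deserve a human look, highest classification first."""
    flags = []
    for e in events:
        level = SENSITIVE.get(e["what"])
        if level is None:
            continue
        reasons = [r for cond, r in (
            (e["when"].hour not in BUSINESS_HOURS, "out-of-hours"),
            (e["who"] in PRIVILEGED, "privileged-account"),
            (e["how"] in ("COPY", "DELETE"), "copy-or-delete")) if cond]
        if reasons:
            flags.append((level, e["who"], e["what"], reasons))
    return sorted(flags, key=lambda f: f[0] != "critical")  # critical first
```

Running `flag_events(parse_log(SAMPLE_LOG))` surfaces the out-of-hours copy of the critical HR file ahead of the privileged deletion of the payroll file, which is the order an impact assessment would want to work in.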
Both cyber-security and cyber-resilience require an investment of time, effort and resources. However, when you take into consideration the potential costs associated with the disruption to your network and business operations, the damage to your reputation and the potential lawsuits and fines, you will find that a failure to make such an investment could end up costing you more in the long term.
Want to find out just exactly how secure and resilient your organization is against security threats? Schedule your free data risk assessment with Lepide.