In cybersecurity, as in most jobs, problems don’t happen one at a time; you’re bound to have a few at once. Speakers at the RSA Conference 2021 talked about this in terms of maintaining cyber resilience in chaos. So, what does the buzzword ‘cyber resilience’ really mean? And why is it important to be able to embrace chaos in your day-to-day work?

Cyber attacks are on the rise. Between June 2019 and June 2020, the Ponemon Institute observed a 64% rise in the severity of digital attacks targeting businesses and agencies. It witnessed an even greater increase in the volume of digital attacks during the same period, at 67%.

Even so, none of that prevented defenders from achieving cyber resilience. According to the Ponemon Institute, the proportion of organizations that achieved a high level of cyber resilience increased by more than half from 35% in 2015 to 53% in 2020. The proportion with cybersecurity incident response plans also grew 44% over those five years.

What Is Cyber Resilience?

Cyber resilience means you’re capable of preventing, detecting, containing and responding to a variety of digital threats — at least to some degree. It isn’t binary, after all. It’s a spectrum not only of degree but of aptitude.

Rohit Ghai, CEO of RSA, put it this way in his keynote for RSA Conference 2021:

“Being resilient is not good enough. We must be good at resilience. Resilience isn’t just about getting up when you fall. To be good at it, we must fall less often, withstand the fall better and rise up every time.”

Ghai’s first point, falling less often, is challenging in light of changing network setups. Just take what’s happened with the cloud as an example. According to IDC, more than a third of organizations purchased over 30 different types of cloud services from 16+ vendors in 2019 alone. (That’s before the events of 2020.)

Such a distributed deployment landscape contributes to a sense of chaos regarding security ownership over different cloud apps and services. It could also explain why organizations don’t always take certain security processes into their own hands. Indeed, two-thirds of respondents in another survey said they relied on their cloud providers to ensure their baseline security, a position that puts them at even greater risk of data exfiltration and other attacks. Cyber resilience is a balance between too many tools and too few, and between too much attention paid to attacks and too little.

A Three-Pronged Approach to Security in Chaos

The chaos referenced above isn’t limited to the cloud. Machine and human actors are learning and working together across multiple environments, both cloud-based and on-premises. In the process, they’re using Internet of Things (IoT) products, containers and an expanding number of devices.

All this makes keeping your data safe more complex. In doing so, it raises an important question: how can you secure chaos?

Ghai gave the answer in his keynote:

“You can’t. You don’t. You focus on resilience by embracing chaos. How? One, expect the unexpected. Two, trust no one. And three, compartmentalize failure zones.”

How to Cut Down on Chaos

Here’s what cyber resilience looks like in practice. First, you need to have visibility of all your hardware and software, as well as network traffic. Knowing that, you can implement security controls to protect your most critical data and assets. You can then use penetration testing to see how those measures stand up against an actual attack.

As for the second point, some might say those who trust no one have zero trust. In this regard, organizations can use encryption, multi-factor authentication, the principle of least privilege and other security controls. Those help build the architecture needed for validating connection attempts on an ongoing basis. It’s important that organizations also focus on compartmentalizing failure zones as part of their zero-trust efforts. There’s no need for every asset to have access to the entire network, after all. With that in mind, they can use network segmentation to ensure that a potential device or account compromise doesn’t spread across their entire digital infrastructure.

Chaos isn’t something that defenders can control. It’s a state of nature, and as such, they can choose to fight against it or flow with it. Knowing where you stand with cyber resilience helps. By accepting the latter and embracing chaos, organizations can put themselves into a stable security position where they’re less inclined to fall going forward.
