December 12, 2014 By Brian Honan 3 min read

Cyber attacks are inevitable, but they should not cause your business to suffer. Having an effective cyber resilience program in place will enable your business to continue even in the middle of a cyber attack. In the past few weeks the news has been awash with the security breach at Sony Pictures, which resulted in staff being instructed to use pen and paper to do their work and not to use their computers. All VPNs, remote access, networks, and computer systems within Sony Pictures were offline for over a week while the breach was dealt with. At the same time, the attackers released gigabytes of information belonging to Sony Pictures onto the Internet. This is a prime example of how a cyber-attack can bring a business to its knees and how not being cyber resilient can aggravate the impact of a cyber-attack.

Cyber resilience is ensuring the business understands the impact of a potential cyber-attack and the steps required for the business to prevent, survive and recover from such an attack. In essence, it moves cyber security away from a purely technically focused discipline towards a business and risk management point of view. This requires the technical security people, who would traditionally focus on point solutions to specific technical threats, to translate the potential impact of security incidents into terms and language that business and nontechnical people will understand. Most businesses operate on the principle of risk: every business decision involves an element of risk. Sometimes the result of that risk is positive, for example increased sales, and sometimes it is negative, such as loss of market share.

Traditionally, technical people look at issues in a very black or white way: it either works or it does not work, it is secure or it is not secure. Cyber resilience involves a change in mindset whereby you look to identify how secure the business needs to be in order to survive. This is a challenge for both the technical and the nontechnical people. For business people, it requires that they get involved in the decision-making process regarding cyber security by identifying what the critical assets of the business are and how valuable they are to the business. The risks to those assets then need to be identified and quantified so that measures can be put in place to reduce the level of risk against those assets to a level that is acceptable to the business. So instead of a checklist approach to security, or an all-or-nothing approach, decisions are focused on what the business needs, and investment can be directed to the most appropriate areas.

I often compare cyber resilience to how kings protected their crown jewels in the Middle Ages. The keep at the center of the castle grounds was where the most valuable assets were kept. The keep itself was placed in a very defendable position within the castle walls. Those castle walls were defended in turn by moats, turrets, and drawbridges. Outside the castle walls were where the villagers and farmers lived. In the event of an attack the king would raise the drawbridge leaving those outside open to attack, but these were acceptable losses to protect the crown jewels. Even if the castle walls were breached, the crown jewels would remain protected within the keep. In today’s security landscape businesses need to identify what their crown jewels are and protect them accordingly. Similarly they also need to identify what should remain within the village, or even within the castle walls, and be prepared to lose those in the event of a major cyber-attack.
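The two paragraphs above describe a procedure: value each asset, quantify the risk against it, decide how much residual risk the business will tolerate for that tier, and spend on the controls that buy the most risk reduction. The following Python script is an added illustration and is not code from the original post or from the author; it uses the standard annualized loss expectancy model (single loss expectancy times annual rate of occurrence) and the castle tiers from the analogy. All asset values, rates, control effectiveness figures and tolerance thresholds are constructed sample numbers, not measurements from any real organization.

```python
from dataclasses import dataclass, field

# Tier labels taken from the castle analogy: keep, castle walls, village.
TIERS = ("keep", "castle walls", "village")


@dataclass
class Control:
    name: str
    annual_cost: float
    # Fraction of the threat's annual rate this control removes (0..1).
    # Assumed estimate; a real programme would source it from testing or history.
    effectiveness: float


@dataclass
class Asset:
    name: str
    business_value: float   # value to the business in currency units (constructed)
    exposure: float         # fraction of value lost if an attack succeeds (0..1)
    annual_rate: float      # expected successful attacks per year with no controls
    controls: list = field(default_factory=list)

    def inherent_ale(self) -> float:
        # Annualized loss expectancy before any controls are applied.
        return self.business_value * self.exposure * self.annual_rate

    def residual_rate(self) -> float:
        # Each control independently removes a fraction of the remaining rate.
        rate = self.annual_rate
        for control in self.controls:
            rate *= 1.0 - control.effectiveness
        return rate

    def residual_ale(self) -> float:
        return self.business_value * self.exposure * self.residual_rate()


def classify(asset: Asset, keep_threshold: float, wall_threshold: float) -> str:
    # Crown jewels go in the keep; mid-value assets sit inside the walls;
    # everything else is the village the business is prepared to lose.
    if asset.business_value >= keep_threshold:
        return "keep"
    if asset.business_value >= wall_threshold:
        return "castle walls"
    return "village"


def assess(assets, tolerance: dict, keep_threshold: float, wall_threshold: float):
    # Produce one row per asset saying whether residual risk is within the
    # business's stated tolerance for that asset's tier.
    report = []
    for asset in assets:
        tier = classify(asset, keep_threshold, wall_threshold)
        residual = asset.residual_ale()
        report.append({
            "asset": asset.name,
            "tier": tier,
            "inherent_ale": asset.inherent_ale(),
            "residual_ale": residual,
            "within_tolerance": residual <= tolerance[tier],
        })
    return report


def rank_controls(asset: Asset, candidates):
    # Rank candidate controls by annual risk reduction per unit of annual cost,
    # which is how the post suggests investment should be directed.
    ranked = []
    for control in candidates:
        trial = Asset(asset.name, asset.business_value, asset.exposure,
                      asset.annual_rate, asset.controls + [control])
        reduction = asset.residual_ale() - trial.residual_ale()
        ranked.append((control.name, reduction, reduction / control.annual_cost))
    return sorted(ranked, key=lambda row: row[2], reverse=True)


# Constructed sample register.
CUSTOMER_DB = Asset("customer database", 5_000_000, 0.4, 0.5,
                    [Control("MFA on admin access", 30_000, 0.6),
                     Control("database encryption", 50_000, 0.5)])
WEBSITE = Asset("marketing website", 200_000, 0.5, 2.0,
                [Control("web application firewall", 15_000, 0.7)])
SIGNAGE = Asset("lobby digital signage", 10_000, 1.0, 1.0)
SAMPLE_ASSETS = [CUSTOMER_DB, WEBSITE, SIGNAGE]
# Maximum residual annual loss the business accepts per tier (constructed).
SAMPLE_TOLERANCE = {"keep": 250_000, "castle walls": 50_000, "village": 50_000}
WEBSITE_CANDIDATES = [Control("CDN with DDoS protection", 20_000, 0.5),
                      Control("secure code review programme", 40_000, 0.8)]

if __name__ == "__main__":
    for row in assess(SAMPLE_ASSETS, SAMPLE_TOLERANCE, 1_000_000, 100_000):
        print(row)
    for name, reduction, ratio in rank_controls(WEBSITE, WEBSITE_CANDIDATES):
        print(f"{name}: reduces ALE by {reduction:,.0f}, {ratio:.2f} per unit cost")
```

In the sample register the customer database (the keep) lands within its tolerance after its two controls, while the marketing website (castle walls) does not, so the ranking step shows which additional control buys the most reduction per unit of spend. The model treats controls as independent multipliers on likelihood, which is a simplification; the point is that the conversation with the business happens in loss figures and tolerances rather than in a list of technical findings.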

Effective cyber resilience requires rigorous and regular risk assessment exercises, particularly as today's business environments, technology, and cyber threats change so quickly. These risk assessments should be supported by good security policies outlining the security controls required to manage the risks identified. An effective incident response plan is also a critical element of cyber resilience; this plan should cover the various types of attack and how the organization should react to them. As with all plans, regular testing is essential to ensure the plan works and that the business survives in the heat of a real attack. To be fully resilient, an organization should integrate its incident response plan with its Business Continuity Plan (BCP), so that in the event of a major security breach the business can continue to operate in BCP mode while dealing with the breach.

Having good cyber resilience in place won’t prevent a security breach from happening, but good cyber resilience will prevent the business from stopping should a security breach occur.
