6 steps to achieve cyber resilience
1. Slogging through the aftermath of a breach
Data breaches and cyberattacks are now commonplace. Although the scope, severity and cost of an event vary by incident, even the smallest of them can be detrimental to a business that is unprepared. With no guaranteed way to prevent these incidents, businesses must focus on creating a more resilient operation that can withstand the damage of an attack and quickly get back to business. Armond Caglar at TSC Advantage talks about what it means to be resilient in the age of data breaches and how at-risk companies can achieve cyber resilience.
2. The ability to accurately assess risk
To be resilient, a company must first understand its unique threat landscape via a holistic risk assessment that considers the multitude of technical and non-technical ways in which creative adversaries target sensitive intellectual assets or customer privacy data. Too many organizations overlook the subtler sources of cyber risk presented by inadvertent and deliberate insider threats, foreign business travel and business dependencies, such as vendors or suppliers. A comprehensive risk assessment can identify these and other priority areas within an enterprise and help align security resources against those identified weaknesses.
3. Adopting mature cybersecurity practices
For obvious reasons, the cybersecurity market is booming. While there are serious benefits in deploying certain technical sensors designed to detect and respond to advanced persistent threats and other remote access attacks, hardware and software deployments are not a panacea. Technology controls still require human beings – by nature fallible – to consistently follow policies, procedures and guidelines for enterprise security to be achieved. Resilient cybersecurity organizations know that security is neither a single act nor a vendor sensor; it is the collection of activities that harmonizes corporate investments in people, process and technology, fused with an awareness of the evolving trends in adversarial tradecraft.
4. Planning for the worst
A company’s ability to shorten an attack window, continue operations and get back to business quickly following an attack is the essence of a resilient organization. While data loss is expected, it’s the severity of the data loss that will impact the company’s business, damage its brand and erode investor confidence. Resiliency, afforded by mature security practices, is becoming a requirement for boards of directors, partners and customers, as well as for cyber insurance underwriters during pre-binding risk analysis of a potential insured. Although not a replacement for proactive, holistic security measures, cyber insurance containing sizable inclusions can help offset monetary liability and allow a company to return to business quickly.
5. Protecting against hidden risk of third-party vendors and business associates
Security-conscious organizations understand how threats to data security can originate from multiple sources and directions, including from trusted third parties, such as vendors, partners and other associates. A poor cybersecurity posture at such an organization may serve as the original source of infection for an attack that is targeting a completely different company altogether. Consider Target, for example. Although the retail giant had invested considerably in traditional data security controls, the company was largely unaware of vulnerabilities that could originate from one of its trusted partners – an HVAC vendor – via its access to Target’s external billing system and online project management portal.
6. Minimizing the risk of internal threats and malicious employees
There are countless tools that will help defeat viruses and other malware, prevent unauthorized access and detect and monitor data exfiltration. But resilient companies understand that threats to sensitive digital assets often originate from less technical means, such as the simple actions of trusted insiders. According to Vormetric’s insider threat report, 55 percent of organizations said privileged users posed the biggest threat to corporate data, yet only 11 percent believe their organizations are safe from insider threats. Resilient companies know that the risk from insider threats can be reduced through a mix of technical solutions; policies, such as those limiting the use of removable media; proper termination protocols; and awareness of the behavioral precursors that insider threats will likely exhibit.