How to achieve cyber resilience
Cyber resilience is similar to business resilience -- both attempt to help an organization adapt quickly as it responds to disruptive events. The components underpinning cyber resilience must first be understood before they can be managed, maintained and improved.
To achieve cyber resilience and build a strong cyber resilience strategy, organizations should do the following.
1. Get input
Ask senior leaders across the organization to define what cyber resilience means for them. Their input helps identify the most important business activities to management.
2. Identify essential operational activities
Using the input gathered, identify what is needed for the organization to produce its product and services.Perform a business impact analysis (BIA) to identify mission-critical business processes and the people, processes, technologies and facility resources needed to enable those processes, as well as the potential impact to the organization if a cyber attack interrupts those processes. If an existing BIA report is available, use results from that report, and determine how a cyber attack may or may not derail business process identified in the BIA.Use the BIA research to determine resilience components -- the priorities that must be returned to normal operation as soon as possible after a cyber attack. This ensures the organization can bounce back from an incident as quickly as possible.
3. Perform a risk analysis
A risk analysis based on a BIA can identify the most likely internal and external cyber threats to the organization's ability to conduct business. Use threat and vulnerability analyses to identify weaknesses -- such as an insecure network perimeter -- that could increase the risk of a cyber attack. Conduct penetration tests to identify potential cyber vulnerabilities.
4. Prevent cyber attacks
Determine strategies, based on the above activities, to minimize the likelihood of a cyber attack occurring. Such activities may include deploying specialized antimalware software, updating firewall rules and launching an intrusion prevention system.In addition, evaluate additional strategies, such as training IT staff about the most effective ways to deal with cyber attacks and educating employees about the dangers of an attack. Also, ensure backup copies of all mission-critical assets are available.
5. Build and enact a cyber resilience plan
Structure an effective cyber resilience strategy to ensure critical operational activities can be recovered and returned to normal operation.Use cybersecurity and DR plans to maintain IT resilience and prevent unauthorized access by cyber threat actors. Bring back mission-critical systems to full operation as quickly as possible.
Enhance cybersecurity and DR plans with incident response plans to manage the initial response to a cyber attack. Understand each of these plans complements the other; they should work together rather than at cross-purposes.
Cybersecurity, DR and incident response plans must ensure disparate network elements can be quickly recovered, tested for proper operation and put back into production. Be sure to do the following:
6. Document and ensure availability
Verify procedures to recover operational components are documented, stored in secure locations and available electronically for maximum speed of access. Also, confirm general operational procedures for mission-critical systems are available in case primary operators are not available and other employees must step in to operate these systems.
7. Test and update
Ensure cyber resilience procedures governing mission-critical company assets and business operations are regularly tested and updated.
Update plans and procedures based on changes in business operations and the results of exercises. Also, patch applications and systems when new updates or patches are available.
In addition, be sure to regularly brief senior management on the state of the organization's cyber resilience.
