If something is resilient, it is able to withstand or recover quickly from difficult conditions. The same idea applies to cyber security. A business is cyber resilient if, when an interruption occurs because of an external attack or because of internal actions that created exploitable weaknesses, it can withstand the disruption and recover from it quickly. Given the range of cyber attacks, including password theft, phishing, ransomware, and many more, companies need a plan for cyber resilience as well as for cyber security. Cyber resilience brings together information security, business continuity, and organizational resilience. Backups and disaster recovery are important parts of the response capability that lets the business maintain or recover normal operations.
Cyber resilience is about managing risk rather than eliminating it. Risk can never be fully eliminated, so it is more effective to concentrate on a prepared, proactive response to cyber security threats. Because attacks are often unpredictable or cannot be prevented, having a plan of action in place lets an organization detect and respond to incidents quickly and handle the consequences effectively.
There are multiple cyber resilience frameworks; two of the best known are the Department of Homeland Security's Cyber Resilience Review (CRR) assessment and a five-pillar program created by Symantec Corporation.
The CRR is an assessment of an organization's operational and cyber security practices. It examines the following 10 domains:
1. Asset Management
2. Controls Management
3. Configuration and Change Management
4. Vulnerability Management
5. Incident Management
6. Service Continuity Management
7. Risk Management
8. External Dependencies Management
9. Training and Awareness
10. Situational Awareness
Each domain is scored against a set of Maturity Indicator Level (MIL) questions on a six-level scale: MIL-0 Incomplete, MIL-1 Performed, MIL-2 Planned, MIL-3 Managed, MIL-4 Measured, and MIL-5 Defined. The CRR scores the organization at the practice, goal, domain, and MIL levels. The scoring rules are:
1. Each practice is observed as either performed, incompletely performed, or not performed
2. That a domain goal is achieved only when all of the practices for the goal are achieved
3. That a domain is achieved only when all domain goals are achieved
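The roll-up rules above (practice to goal, goal to domain, then MIL questions gating the maturity level) are simple enough to encode, and doing so makes the edge cases visible. The following is an added illustration, not tooling from DHS/CISA or any CRR question set: the domain, goal, practice and MIL-question data are constructed for the example, and the code assumes MILs are cumulative, so a "no" at MIL-2 caps a domain at MIL-1 even when all MIL-3 questions were answered "yes".

```python
"""CRR-style domain scoring: practices roll up into goals, goals into a
domain, and MIL questions gate the maturity level.  Added illustration,
not tooling from DHS/CISA; the domain, goal and question data below are
constructed, not taken from the real CRR question set."""
from dataclasses import dataclass, field
from enum import Enum


class Practice(Enum):
    PERFORMED = "performed"
    INCOMPLETE = "incomplete"       # CRR wording: "incompletely performed"
    NOT_PERFORMED = "not performed"


# CRR maturity scale: 0 Incomplete ... 5 Defined.
MIL_NAMES = {0: "Incomplete", 1: "Performed", 2: "Planned",
             3: "Managed", 4: "Measured", 5: "Defined"}


@dataclass
class Domain:
    name: str
    # goal name -> {practice name: observation}
    goals: dict[str, dict[str, Practice]]
    # MIL level (2..5) -> {question: answered yes?}
    mil_questions: dict[int, dict[str, bool]] = field(default_factory=dict)


def goal_achieved(practices: dict[str, Practice]) -> bool:
    """A goal is achieved only when every one of its practices is performed."""
    return all(p is Practice.PERFORMED for p in practices.values())


def domain_achieved(domain: Domain) -> bool:
    """A domain is achieved only when all of its goals are achieved."""
    return all(goal_achieved(ps) for ps in domain.goals.values())


def domain_mil(domain: Domain) -> int:
    """MIL-1 needs every practice performed; each higher level needs the
    level below it plus a 'yes' to all of its own questions.  Assumption:
    levels are cumulative, so a gap at MIL-2 caps the domain at MIL-1 even
    if every MIL-3 question was answered yes."""
    if not domain_achieved(domain):
        return 0
    level = 1
    for mil in range(2, 6):
        answers = domain.mil_questions.get(mil, {})
        if not answers or not all(answers.values()):
            break
        level = mil
    return level


def unmet_practices(domain: Domain) -> list[tuple[str, str, Practice]]:
    """Everything blocking MIL-1: the remediation list an assessor hands back."""
    return [(g, p, obs) for g, ps in domain.goals.items()
            for p, obs in ps.items() if obs is not Practice.PERFORMED]


# --- constructed sample assessment (not real CRR content) -------------
vuln_mgmt = Domain(
    name="Vulnerability Management",
    goals={
        "Identify sources of vulnerability information": {
            "Sources are identified": Practice.PERFORMED,
            "Sources are reviewed regularly": Practice.PERFORMED,
        },
        "Analyze and manage vulnerabilities": {
            "Vulnerabilities are prioritized": Practice.PERFORMED,
            "Root causes are addressed": Practice.INCOMPLETE,  # blocks MIL-1
        },
    },
    mil_questions={
        2: {"Is there a documented plan?": True,
            "Are resources assigned?": True},
        3: {"Is the plan reviewed by management?": True},
    },
)

incident_mgmt = Domain(
    name="Incident Management",
    goals={"Detect events": {"Events are logged": Practice.PERFORMED,
                             "Events are triaged": Practice.PERFORMED}},
    mil_questions={
        2: {"Is there a documented plan?": True},
        3: {"Is the plan reviewed by management?": False},  # gap here...
        4: {"Are metrics collected?": True},                 # ...so this can't count
    },
)


if __name__ == "__main__":
    for d in (vuln_mgmt, incident_mgmt):
        lvl = domain_mil(d)
        print(f"{d.name}: MIL-{lvl} {MIL_NAMES[lvl]}")
        for goal, practice, obs in unmet_practices(d):
            print(f"  blocks MIL-1: [{goal}] {practice} -> {obs.value}")
```

Run as written, the first domain scores MIL-0 because a single incomplete practice fails its goal and therefore the domain, regardless of how its MIL questions were answered; the second reaches MIL-2 and stops there, since the unanswered MIL-3 question breaks the chain before the MIL-4 answers are considered.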
The assessment is free of charge and is available either as a downloadable self-assessment package or as a facilitated on-site assessment led by a DHS representative.
For the Symantec program, the five pillars include the following:
1. Prepare/Identify: To prepare for an attack, the organization must thoroughly know and understand the risks it faces and the state of its own security. Analyzing potential security vulnerabilities is a key step in this process.
2. Protect: Safeguards and security measures should be in place to contain an attack and minimize its effect on the business.
3. Detect: The company must be able to identify quickly that a breach has occurred and to act on it quickly. This requires supporting systems, processes, and procedures.
4. Respond: Once an attack is detected, a plan must be put in motion to respond to and resolve it. This plan should be created well in advance, before an attack occurs.
5. Recover: Once the attack has been contained, the process of recovering all affected systems, data, and services must begin so that operations continue with as little disruption as possible.
The difference between cyber security and cyber resilience is this: cyber security focuses on using technologies and techniques to reduce the likelihood of a successful attack. Cyber resilience recognizes that attacks cannot always be prevented and focuses on the need for fast, effective detection and response. It lets the business take a more hands-on, agile approach to handling security threats and be proactive rather than reactive in dealing with cyber attacks.
Cyber resilience is achieved by maintaining system hygiene; developing a plan of action for potential attacks; documenting risks, patches, and vulnerabilities; assessing potential losses; implementing risk mitigation services and techniques; obtaining cyber insurance as a secondary measure in case a cyber event causes major damage; and making the whole process iterative and ongoing.