The reality is that a cyber attack is a matter of WHEN rather than IF an organisation will be breached, so cyber resilience should be part of wider business plans and strategies.
A successful cyber attack comes with financial, operational, reputational and legal risks that can disrupt normal operations or, worse, stop them altogether. With the incidence of successful cyber attacks rising every day in every industry, cyber resilience comes to the fore.
You can mitigate the impact of cyber attacks by having a solid process for evaluating potential threats and defending against them. This involves comprehensive planning for incident response, business continuity and business recovery. Focus on understanding a few of the highest-risk scenarios, and invest in minimising risk and preparing to recover.
Cyber resilience is the next step beyond cyber security. It is part of a business's risk management strategy and should involve the highest level of the C-suite.
There are five elements of cyber resilience:
1. Assessment of cyber-related risks
2. Mitigation of the risks of successful cyber attacks
3. Incident response plan
4. Business continuity plan
5. Business recovery plan
Risk assessments calculate the likelihood of an incident occurring and the impact it might have on the business. That impact can be indirect (lost clients, revenue or reputation) as well as the direct recovery costs.
To understand your organisation's unique cyber risks, identify where its assets are maintained. This may include computers and devices, servers, data centres, software and third-party service providers. Consideration should also be given to existing mitigation and response tools, techniques and strategies, such as firewalls, ransomware blocks, physical security and phishing training for employees.
It's impossible to stop every threat in one go, so layers of mitigation will be needed. Make a list of 20 potential threats; the Library of Cyber Resilience Metrics (https://www.betaalvereniging.nl/wp-content/uploads/Library-of-Cyber-Resilience-Metrics-Shared-Research-Program-Cybersecurity.pdf) might help. Each organisation also has its own risk appetite, so each will end up with a different risk profile.
Address high and moderate risks first, and explore risk treatment options that reduce the likelihood or the impact should the threat be realised.
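The assessment steps above, turned into a small risk register, as an added example that is not part of the original article: the 1-5 likelihood and impact bands, the rating thresholds, the one-band credit for an existing control and the sample threats are all constructed assumptions for illustration. It scores each threat, drops anything within the stated risk appetite, and orders the rest so that high and moderate risks are treated first.

```python
from dataclasses import dataclass

# Qualitative bands for the register; the 1-5 scale and the 12/6 rating
# thresholds are constructed for this example, not taken from the article.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    threat: str
    likelihood: str          # key into LIKELIHOOD
    impact: str              # key into IMPACT, covering direct and indirect costs
    mitigated: bool = False  # an existing control (firewall, training, ...) applies

    def score(self) -> int:
        lik = LIKELIHOOD[self.likelihood]
        if self.mitigated:
            lik = max(1, lik - 1)  # credit an existing control with one likelihood band
        return lik * IMPACT[self.impact]

    def rating(self) -> str:
        s = self.score()
        return "high" if s >= 12 else "moderate" if s >= 6 else "low"


def treatment_order(register: list, appetite: int) -> list:
    """Return (threat, rating, score) for every risk whose score exceeds the
    appetite, high and moderate first, highest score first within a rating."""
    rank = {"high": 0, "moderate": 1, "low": 2}
    open_risks = [r for r in register if r.score() > appetite]
    open_risks.sort(key=lambda r: (rank[r.rating()], -r.score()))
    return [(r.threat, r.rating(), r.score()) for r in open_risks]


# Constructed sample register; the threats and bands are illustrative only.
REGISTER = [
    Risk("ransomware on file servers", "likely", "severe"),
    Risk("credential theft via phishing", "almost certain", "moderate", mitigated=True),
    Risk("third-party provider outage", "possible", "moderate"),
    Risk("datacentre power loss", "unlikely", "major"),
    Risk("lost laptop (disk encrypted)", "possible", "minor", mitigated=True),
]

if __name__ == "__main__":
    for threat, rating, score in treatment_order(REGISTER, appetite=4):
        print(f"{rating:8} {score:3}  {threat}")
```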
Many companies have incident response plans that inform their immediate actions after various types of cyber attack, but cyber resilience also requires detailed business continuity and recovery plans. As a recap, a comprehensive response, continuity and recovery plan should include:
- How to maintain and deploy redundant databases, servers, application instances and other assets
- Whether to prioritise internal or customer-facing recovery
- How to engage with third-party providers or consumers (not only customers)
- How to restore the company's reputation after a breach
- How response speed will affect the business
- Whether the insurance provider will have a role in the incident response
- Legal, regulatory and contractual requirements, especially those relating to breaches of personal, confidential or sensitive data
Using an external professional can help in a number of ways. Few organisations have an internal team or leader who understands both the business and IT risks inherent in cyber attacks. Even for those that do, BAU workloads rarely allow the time to lead risk assessment and planning tasks. Outside professionals also have no concerns about reputation or internal politics and will work in a more factual arena.
In addition to being an outsider, the professional will have wider experience in the same or different business verticals and will have dealt with a wide range of threats and recovery scenarios, learning with each project. Having been through the experience before, they will know which documentation and information is required, making it more likely that the planning is completed in a timely fashion.
The Library of Cyber Resilience Metrics uses a framework based on Lockheed Martin's Cyber Kill Chain, which reflects an organisation's readiness for targeted cyber attacks, otherwise known as Advanced Persistent Threats (APTs); the Cyber Kill Chain is a widely recognised model for attacks of this kind.