Cyber resilience: Operational safety net for businesses

By: Sean Pike

Read the IDC white paper, “Five Key Technologies for Enabling a Cyber Resilience Framework.”

Digital transformation is challenging traditional views of business resilience.

As businesses adopt new technologies, their protection and recovery strategies must change to keep pace, because traditional practices were not designed to address the impacts of cyber-related incidents. These strategies must include stronger and more varied security mechanisms, but they must also include ways to recover quickly should a breach or an incident occur. In effect, such strategies should consider cyber-resilience practices so that businesses can best protect themselves against attacks.

Cyber-resilience is not a single technology, but combines the best practices from IT security, business continuity, recovery, and other disciplines to create a business strategy more in line with the needs and goals of today’s digital business. Cyber-resilience is particularly critical now given that digital transformation breaks down the traditional safeguards between enterprises and participants in the global economy. Essentially, business-enabling technologies serve as gateways to risk, attack, and failure. Traditional data protection and recovery environments are often targeted by such attacks.

Therefore, cyber-resilience is of paramount concern for security professionals as well as for those responsible for business continuity and risk management planning. Fundamentally, cyber-resilience is a discipline focused on improving an organization’s cyber-response capabilities from initial event detection and recovery to continual process improvement. Traditional business continuity strategies, which focus on system failures and outages, must evolve given the sophistication of the threat environment and the potential devastation a cyberattack can cause to a business. Business continuity strategies must instead focus on cyber-based threats that maliciously target an organization’s data, which is not likely to be protected by traditional recovery procedures for system outages. The goal is to maintain continuous business operations, rather than simply having an IT environment that is running but not operational because of the impacts of an attack.

Such malicious attacks are becoming increasingly common. A recent IDC survey revealed that more than half of the respondents had experienced a DDoS attack that lasted from 5 to 24 hours. Another 8% of respondents had experienced an attack that lasted between 1 and 7 days. Most alarming: 6% of respondents were victims of attacks that lasted for 8 days or more. Considering that the “average” cost of downtime exceeds $200,000 per hour, attacks can be expensive as well as disruptive – and this doesn’t include reputational cost and long-term brand damage that might occur from an embarrassing and high-profile breach.

The number of advanced attacks, in which the attack remains undetected for more than 200 days, is also on the rise. The elapsed time allows malware to propagate throughout the system, making the malware extremely difficult to eradicate after detection.

Recent attacks have proven that traditional backup, disaster recovery and malware detection are insufficient protections against modern threats.

Today’s threat landscape demands an integrated solution that spans the cybersecurity lifecycle. Organizations must create a strategy that addresses each phase of the lifecycle, while ensuring the stages between defense and detection and response and recovery are shortened in order to build a robust cyber-resilience capability. A cyber-resilience framework is designed to help organizations withstand attacks. Rather than a single layer of protection or product, cyber-resilience is a way for organizations to structure their defenses such that no one event is catastrophic. Cyber-resilience is an iterative process that provides the means of recovery from an attack. As such, an effective cyber resilience framework will encompass five comprehensive and integrated activities: identify, protect, detect, respond and recover. Cyber-resilience integrates security and continuity into the business itself, allowing for the five activities to be present in all areas of the business.

A cyber-resilience framework must be implemented via the careful selection of technologies and processes. There is no one product that can create an end-to-end cyber-resilient environment, but there are key technologies that an organization can implement to address the potential of business disruption from a cyberattack. The five technologies and processes include automation and orchestration; air gapping; write once/read many (WORM) immutable storage; point-in-time copies and data verification; and regulatory compliance and assurance.

Cyber-resilience is a key component to digital transformation. To mitigate the risks posed by today’s sophisticated and malicious attacks, organizations must implement comprehensive strategies that include stronger and more varied security mechanisms, as well as ways to recover quickly should a breach or an incident occur. While cyberattacks may be inevitable, a resilient organization is one that can quickly adapt and recover from attacks.

To learn more about how cyber-resilience practices can help enterprises defend against and recover from a breach or failure, download the IDC white paper, “Five Key Technologies for Enabling a Cyber Resilience Framework.”


About The Author

Sean Pike

Program Vice President for IDC's Security Products group

Mr. Pike provides competitive intelligence, strategic advisory, and thought leadership for security, data protection, governance, risk, compliance, and legal discovery technology and solutions. He examines the implications of emerging technology, legal and regulatory developments, and the threat landscape on organizations’ risk and compliance programs, information governance and data privacy initiatives, and legal discovery efforts. He...