Building cyber resilience: An imperative for surviving today’s and tomorrow’s threats
How confident are you that the business will continue to operate in the event of a cyberattack? What would be the impact? How would you recover from a cyberattack?
Information security and business continuity leaders often face these questions from their chief executive or the board. In all likelihood, they often ask themselves these questions.
In July this year, the borough of Matanuska-Susitna, Alaska, suffered a crippling cyberattack that brought down nearly 500 workstations and 120 of their 150 servers, including email and disaster recovery servers, and phone systems. The borough officially declared a state of emergency, and their workers were forced to return to using typewriters and handwritten receipts. Their IT department is in the process of rebuilding the systems using backups, but they’ve reportedly lost a large amount of data.
This scenario could happen to large organizations with robust security technology and tools. Today’s malware can affect systems and networks even if they are seemingly fully patched, leading to loss or theft of millions of records, high financial costs, regulatory penalties, damaged business reputation and loss of customer trust.
According to the Ponemon Institute’s 2018 Cost of Data Breach Study: Impact of Business Continuity Management, the cost of mega data breaches involving 1 million to 50 million records ranges from $29 million to over $400 million. This doesn’t include the cost of recovery or rebuilding the damaged infrastructure and brand reputation. Additionally, data breaches are more than a financial or operational risk to a specific business organization or industry; participants of the broader economy, whose sentiments depend a lot on confidence, do desire a secure atmosphere to operate.
Managing risks and challenges galore
Most cybersecurity programs continue to be hamstrung by the organization’s traditional perspective of investing in prevention technologies. This is largely due to their inability to fully evaluate the complex landscape of risks and threats – often manifested in deployment of multiple point solutions that generally have a shorter shelf life. This challenge can be aggravated by unintended vulnerabilities that digital transformation, IoT adoption, and hyper-convergence create.
A large number of organizations still have aging infrastructures and processes, which makes it challenging to segment their critical workloads from other workloads using legacy network infrastructure. While many organizations have business continuity and disaster recovery plans, their existing configurations may not allow for easy recovery because they were not designed to be resilient against destructive cyberattacks. In addition, existing incident response plans and playbooks may not be effective against evolving cyber threats.
Let us look at some of the other risks and challenges:
- Cloud migration: The trend of workload migration to cloud is rapid and pervasive. But most organizations face challenges understanding dependencies and prioritizing the data and workloads to protect.
- Shadow IT: The pressure for innovation and faster time to market, BYOD, and simplicity and agility of public cloud experience, coupled with legacy central IT procurement processes, fuel increased use of shadow IT. Gartner predicts that by 2020, one third of all successful attacks on businesses will be against their shadow IT resources.
- Shortage of skills: Many recent studies point to worsening cybersecurity skills shortage that may impact business and government organizations globally.
- Organizational silos: Cybersecurity, business continuity and the teams that own systems and applications are highly siloed and have difficulty collaborating to solve critical problems.
- Boardroom sponsorship: While the board needs access to cyber expertise for budget allocation and risk oversight and governance, security, risk and business continuity leaders often struggle to translate IT risks into a business language the board understands.
Why is it important to build resilience?
Over the past few years, cybersecurity technologies have evolved by leaps and bounds. We are getting better at securing our network perimeters, and threat intelligence today is powered by artificial intelligence (AI). But adversaries are now as equipped and resourceful as legitimate business organizations – and they only need to get it right once, while we need to be right all the time. The Ponemon report also indicates that business organizations face more than a 32 percent likelihood of a material data breach by 2020.
As IT risks landscape continually evolves and breaches are more likely than ever, the strategies and plans to manage those risks and mitigate their impacts must also change. Today we increasingly witness cyberattacks and breaches with devastating and far-reaching consequences. With attacks becoming more malicious and techniques more advanced, businesses need new technologies and practices to survive and adapt to today’s cyber outage scenarios. Traditional recovery plans must change to support these new cyber outage scenarios, and it will require new thinking and teaming between disaster recovery and security teams.
As fragmented approaches to cybersecurity increasingly prove ineffective against emerging threats, a more strategic, cyber resilience-based approach to managing cyber risks is rapidly gaining ground. Cyber resilience is a unified approach combining ongoing cybersecurity with data protection and disaster recovery methods, designed to protect against and rapidly recover from disruptive cyber incidents.
Innovation to help businesses build cyber resilience
With a comprehensive portfolio ranging from advisory services to data protection, resilience orchestration and disaster recovery solutions, IBM has been working closely with our clients, big and small, to help them become truly cyber-resilient. While our cyber resilience capabilities can ensure faster response, disaster recovery and business resumption after a cyber event, our continued investment in technology innovation is aimed to advance these capabilities even further tohelp our clients stay ahead of risks.
The core technology and process building blocks that we provide to help our clients become cyber-resilient include:
- Immutable storage: Unalterable or write-once-read-many (WORM) storage technologies for application data and platform configurations to prevent corruption.
- Air-gapped protection: Network isolation to separate production environments from the storage that contains the protected, backed-up data.
- Configuration data verification: Automated testing and validation to help detect unauthorized changes and ensure the data being protected is clean and recoverable.
- Automation and orchestration: Automation of the end- to-end recovery process based on pre-defined and tested workflows to enable quick restoration.
- Monitoring and reporting: Automated dashboard to monitor data changes, RPO/RTO deviations and snapshot validation status in real-time, and built-in module to generate reports for audit and compliance.
While IT and information security executives are struggling to determine the appropriate technology areas to spend their limited budget on, it is imperative that they take a holistic view of IT risks and build a robust cyber resilience program to keep their business processes and operations functional during and after a cyberattack. With a cyber-resilient environment, IT can be at the forefront of fostering relationships with business leaders and partnering with them to confidently drive their digital transformation journey forward.