WHAT IS CYBER RESILIENCY AND WHAT IS REQUIRED TO BE CYBER RESILIENT
Michael Masal
Sales Professional | Business Development | Technology | Cybersecurity | AI | Database | Telecommunications | Web 3 | Blockchain | Queensland Based
I like to keep up to date with the Cyber/IT industry via websites and LinkedIn. I enjoy the success stories and the latest information coming from vendors and customers. One thing I am not a fan of though is buzz words. I believe they are unnecessary, overused, and misleading on most occasions. The latest buzz word seems to be ‘Resiliency’.
The NIST definition (https://csrc.nist.gov/glossary/term/cyber_resiliency) for Cyber Resiliency is ‘The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources’. This definition is very detailed with several very key requirements to consider. The ability to anticipate, withstand, recover from, and adapt is clearly much greater than what technology alone can achieve, even with tools like AI. The 60-year-old People/Process/Technology (PPT) framework remains as relevant today as it was in the 1960s.
HOW TO BE CYBER RESILIENT
There is no magic bullet or simple solution that will make you Cyber Resilient. It's an ongoing effort that requires all parts of the PPT framework working together. At a high level these are the core requirements:
· Having protection enabled across your endpoint, network and cloud to stop attacks as best as possible.
· Logging and correlating all your logs and commissioning technology that provides high fidelity alerts with far greater context. It is important to ensure that logs are coming from your entire estate: Endpoint, Cloud and Network for much greater visibility and improved detection.
· Having a well-functioning SOC, whether it's in-house, outsourced or hybrid.
· Having access to quality Threat Intelligence.
· Ensuring that you have access to experienced Cyber Security experts who really understand digital forensics, especially if you were to be breached.
· Regular Cyber training for company employees.
· Well documented and understood Cyber Strategy, Policies and Procedures.
· Regular Incident Response Tabletop exercises to ensure the Executive Team and Technical teams are well versed on how to respond if there is a breach.
· Regular Attack Simulation exercises by highly experienced Adversarial testers to focus on discovering weaknesses and improving the overall security posture.
This is by no means an exhaustive list, but it is a very good starting point. The bottom line is that organisations need to do everything to protect themselves, but they also need to understand the implications of being breached and what the steps are to recover and continue operating as a business as quickly as possible.
During my time working for vendors, I have had the opportunity to work with many wonderful customers. I have seen situations where customers are solely focused on preventing an attack and don’t really stop to consider the implications of being breached. I have also seen many customers lacking visibility across their entire estate. Some customers have visibility across the network, and some have visibility across their endpoints, but rarely do you see a customer have complete visibility across endpoint, network and cloud. I have seen many customers send logs to a SIEM, but then not really manage the data coming into the SIEM. Many of them are inundated with way too many alerts for the SOC teams to handle and in the end the SIEM is purely used to search logs as/when required.
I am now approaching my fourth month at Secureworks, and my main focus is to help organisations improve their cyber resiliency. Secureworks have a rich heritage in IR and real expertise around responding to cyber threats and events. We can help with contextualising the data we log and providing and actioning high-fidelity alerts. We can act as a SOC for our customers or work in a hybrid SOC arrangement. We provide IR Services during the time of crisis and run IR proactive services to ensure our customers are well versed on what to do if they are breached. Our world class adversarial testing team work closely with customers to ensure they continuously improve their cyber defenses.
I hope this article was of value. I want to reiterate that there is no magic bullet in any of this and I would be extremely cautious of anyone telling you that there is. It’s a collective effort and it requires People, Process and Technology. It can be a very confusing space with so many technology providers bringing their own messaging to the market. My advice would always be to do thorough due diligence and align yourself with partners that align to your values and strategy. My best wishes to everyone fighting the good fight. Your efforts in keeping us safe in the digital world are very appreciated. Please reach out if I can help with anything at all.
Empowering organisations to secure their networks, data, and digital transformation with advanced cybersecurity solutions.
1 year ago: Great read mate!
Head of Technology and Security at Victoria International Container Terminal
1 year ago: Great read. Keep them coming.
Senior Marketing Specialist | Lead Gen | Events, Copywriting and Email Expert
1 year ago: Great read.
Cyber Account Executive
1 year ago: Thank you for sharing Michael, 100% agree there is not a magic bullet.