Cyber resiliency for today’s businesses is as crucial as having a top-notch screening process for your top-level employees. Top-performing, resilient team members will naturally protect your business and its processes. Similarly, having top-tier cyber resiliency will keep your data, sensitive customer records and Intellectual Property secure. Your business will very likely experience cyber events such as hacks, natural disasters and economic downcycles. Cyber preparedness is becoming a necessary protocol for every successful organization — no longer a “would be nice when we have more resources” type of action item. The sobering statistics:
Cyberattacks:
- 93% of business networks can be infiltrated by cybercriminals.
- Many company leaders feel underprepared for upcoming cyber threats.
- In 2021, over 60% of businesses were targeted by software supply chain attacks.
- Of 1,000 CIOs surveyed worldwide, at least 8 out of 10 CIOs feel their software supply chains are vulnerable.
Natural Disasters and Cybersecurity:
- Work-from-home networks are 3.5 times less secure than commercial networks. Cybercriminals target home networks because they’re easier to infiltrate.
- More and more organizations are moving to the cloud to keep business continuity intact in the event of a natural disaster.
Economic Slumps:
- Cybercriminals don’t stop their attacks during a recession. They are emboldened by them like looters in a riot.
- Strong cybersecurity is required for compliance and regulations — or you could risk stiff penalties.
- British Airways was fined $26 million for a cybersecurity breach impacting 400,000 customers.
- Zoom paid $85 million in a 2021 settlement for privacy and security issues.
Average Weekly Cyberattacks per Company by Industry (2021):
- Education/Research: 1,605, +75%
- Government/Military: 1,136, +47%
- Communications: 1,079, +51%
- Finance/Banking: 703, +53%
- Insurance/Legal: 636, +68%
The sheer number of attacks per week is increasing significantly every year as the push for digital adoption grows. In 2021, cyberattacks on corporate networks grew 50% in overall attacks — per week! In North America alone, the weekly attacks per organization jumped by 61%. The facts clearly point to the critical importance of cyber resiliency in your organization.
What Does a Cyber Resilient Infrastructure Look Like?
Cyber resiliency engineering is an innovative method of combining multiple processes with your existing cybersecurity initiatives to develop more secure and trustworthy systems. According to the U.S. National Institute of Standards and Technology (NIST): “Cyber resiliency engineering intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources.”
From a bird’s-eye view, cyber resilience means your organization can survive by maintaining mission-critical business operations during a cyberattack and mitigating potential disruptions to your revenues. The NIST 800-160 is considered the leading benchmark for gauging your organization’s cyber resilience levels.
Cyber Resiliency Is for All
This more robust form of cybersecurity is not just isolated to and deployed by the IT or security team. Truly effective cyber resiliency requires an organization-wide approach. This includes continuing education of employees on what they can do specifically to allow them to do their jobs securely. And it may include partnering with battle-tested, cyber-resiliency partners to fill in or reduce any team experience gaps or weak spots. It stands to reason that because the majority of cybersecurity issues originate from non-IT and cybersecurity departments your business is or will be fundamentally more secure if there is a thriving culture of cyber resiliency in every department.
Optimize Your Cyber Resiliency
It seems like a daunting task, but like everything else in business, it can be broken down into more manageable, achievable parts.
Prevention: “An ounce of prevention is worth a pound of cure.”
- Multifactor Authentication (MFA): MFA is a much, much more effective method of preventing unauthorized access to your network than strong alphanumeric and symbol passwords alone. According to Alex Weinert, director of identity security at Microsoft, MFA can reduce the likelihood of account compromise by 99.9%. MFA can also be customized to your organization’s or even individual preferences to allow for more robust and widespread adoption.
- Production Information Management (PIM): PIM is a server application for aggregating, storing and redistributing your critical data. This system can also be used to leverage and optimize your supply chain management applications.
Custom Access: “You don’t need to know that.”
- Privileged Access Management (PAM): PAM ensures that the Goldilocks level of permissions to your organization’s critical data is accessed by the right individuals at the right time. This includes controlling access to privileged accounts, managing passwords and credentials as well as monitoring who or what is accessing your system. The monitoring can be expanded into isolating, recording and auditing these sessions to confirm that the access level privileges are appropriate for each user.
Treatment: “Treatment is emergency care for symptoms that have developed over a long period of time.” The SAFE method:
- S — Set the Strategy: Have a post-cyberattack plan in place. You will likely need to notify customers, examine how much damage has been sustained, engage your legal team and contact your cyber-insurance provider.
- A — Assess the Breach: It will be necessary to do a deeper dive into what data was compromised and — equally important — assess if the cyber threats still exist. Threats and breached data should be ranked in order of sensitivity to help with prioritizing any countermeasures.
- F — Fix It: This will likely involve a multi-departmental approach. Even more likely, it will involve experienced and trusted solutions providers to more accurately aggregate data and help deploy commensurate risk mitigation actions.
- E — Examine the Systems: After the breach and its fixes, your organization will need to test your systems for vulnerabilities. Then test and retest again to make sure your new fail-safes, whether additional methods, technologies, partners or all of the above, are effective in preventing similar or upgraded cyber breaches.
Start Now
Cyber resiliency requires your entire organization. Your C-levels, managers, employees and even vendors have vital roles they can perform to make the organization stronger and more secure than ever. Evaluate your current cyber resiliency plan and test it for weaknesses. Consider working with solutions providers like the Migus Group to assess the effectiveness of your plan. New cyber threats are literally being created every year. Further, in the relentless pursuit of total cybersecurity, there is no finish line. What will matter most is what your organization does now to help mitigate or outright prevent the next data breach. Get your assessment today.
Marty Aquino has been a passionate writer on venture capital, technology, forecasting, risk mitigation, wealth and entrepreneurial topics since 2009. He is the founder of Carbonwolf Energy, a venture capital firm specializing in world-changing and status-quo-defying technologies and people.