By Deryck Mitchelson, EMEA Field Chief Information Security Officer, Check Point Software Technologies.
Cyber resilience is more than just a buzzword in the security industry; it is an essential approach to safeguarding digital assets in an era where cyber threats are not a matter of “if” but “when”.
According to Check Point’s 2024 Cyber Security Report, in 2023 we witnessed a 90% increase in victims of ransomware attacks who were publicly extorted for compensation. While cyber security is a critical pathway through which to bypass ransomware, another dimension of the story that merits discussion is the resilience component.
Resilience encompasses the ability of an organization to maintain its core functions – not just in the immediate aftermath of attacks, but also during recovery from them. It is about being prepared for the inevitable breach, and recognizing that every system, no matter how robust, has potential vulnerabilities.
Roughly 4 in 10 (39%) of global businesses say they aren’t resilient enough to handle a sophisticated cyber attack. As attack methods evolve and increasingly utilize artificial intelligence, the actual figure indicating lack of preparedness may prove much higher.
Some businesses may think they are well prepared if they have a secure perimeter, but resilience is less about the first line of defence, and more about how well businesses can absorb risk and cope with mounting threats. Fending off one attack does not equal resilience.
The essence of cyber resilience lies in its dual focus. On one hand, it involves fortifying operations against constant attacks, ensuring business continuity under what can be considered “normal” cyber warfare conditions.
On the other, it demands a robust strategy for post-breach scenarios. This means having a plan that goes beyond mere recovery, one that adapts and evolves in response to the incident. Such a strategy acknowledges that the digital landscape is a dynamic battlefield, where threats evolve and so must defences.
The role of leadership in cyber resilience
Leadership plays a pivotal role in shaping an organization’s approach to cyber resilience. It’s not just about having a technically sound cyber security team; it’s about fostering a culture where cyber resilience is ingrained in every decision and action. This starts at the top, with board members and executives who don’t just passively endorse cybersecurity strategies but actively engage with them.
Effective leaders understand that cybersecurity is not a siloed IT issue but a critical business function that impacts every aspect of the organization. They ensure that cyber security discussions are not relegated to the IT department alone but are a regular feature of boardroom conversations.
Moreover, leaders in this field recognize the importance of being proactive rather than reactive. They don’t wait for an incident to occur to appreciate the value of a resilient cybersecurity posture. Instead, they invest in continuous education, staying abreast of emerging threats and adapting their strategies accordingly.
This proactive stance involves not only understanding the technicalities of cyber threats but also appreciating their potential business impact. By doing so, they can make informed decisions about where to allocate resources, how to develop their teams and when to implement new technologies or strategies, ensuring that the organization’s cyber resilience is always a step ahead of potential threats.
Technological and human elements of cyber resilience
When it comes to resilience, technology and human expertise must work in tandem. While advanced technological solutions like AI and machine learning are indispensable in identifying and responding to threats swiftly, the human element remains irreplaceable.
This synergy is crucial; technology can provide the tools and automation necessary for efficient threat detection and response, but it is the human insight that contextualizes and interprets these threats within the unique framework of each organization. Staff training, capacity management and a keen understanding of the organization’s specific risk landscape are as vital as the technology deployed to protect it.
The human aspect also extends to fostering a security-aware culture within the organization. This involves regular training and awareness programmes to ensure that all employees, not just the IT staff, understand the role they play in maintaining cybersecurity.
Overall, it’s about creating an environment where cybersecurity is everyone’s responsibility, and where employees are equipped to recognize and report potential threats. Such an approach not only strengthens the organization’s defence against external threats but also helps in mitigating risks posed by insider threats, whether intentional or accidental.
Frameworks and strategies for enhanced resilience
Adopting comprehensive frameworks and strategies is also essential for building a robust cyber resilience infrastructure. Frameworks like NIST2 and MITRE offer structured approaches, guiding organizations through the complexities of cybersecurity and resilience.
In the US, the National Institute of Standards and Technology (NIST) provides comprehensive guidelines and frameworks for cybersecurity, including the widely recognized NIST Cybersecurity Framework. This framework offers a flexible approach to managing cybersecurity risks, emphasizing the importance of identifying, protecting, detecting, responding, and recovering from cyber incidents.
MITRE, on the other hand, is known for its MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This framework is used as a foundation for the development of specific threat models and methodologies in the cybersecurity community, helping organizations to understand and prepare for potential attack scenarios.
Both frameworks help in identifying vulnerabilities, setting priorities and implementing measures that go beyond conventional defence mechanisms. They encourage a holistic view of cybersecurity, encompassing not just technical defences but also aspects like risk management, incident response and recovery strategies.
By aligning with such frameworks, organizations can develop a more nuanced understanding of their cybersecurity position, enabling them to anticipate, withstand, and recover from adverse cyber events more effectively. This strategic alignment ensures that cybersecurity efforts are not just about meeting compliance standards but are tailored to the specific needs and challenges of the organization, thereby enhancing overall resilience.
Future-proofing against emerging cyber threats
Safegaurding against emerging threats is a critical component of cyber resilience. This requires organizations to stay vigilant and adaptive, anticipating not just current threats but also preparing for future challenges.
The rise of sophisticated AI-driven attacks, for instance, necessitates a forward-thinking approach where defence mechanisms are continuously updated and refined. Organizations must also consider the broader geopolitical landscape, which can influence the nature and frequency of cyber threats.
By integrating advanced technologies, continuous learning and strategic planning, organizations can develop a resilience posture that not only addresses today’s threats but is also agile enough to adapt to the unknown challenges of tomorrow.
This proactive approach to cyber security ensures that organizations are not just responding to threats, but are always a step ahead, ready to counteract and mitigate the risks in this dynamic digital era.
This article was originally published by the World Economic Forum and has been reprinted with permission.
