Are you prepared and resilient enough to continue business operations when a cyber-attack occurs?
Business Continuity is a long-term strategic plan that readies an organisation for disruptive events such as natural disasters, pandemics and the loss of key personnel, as well as many other unforeseen circumstances. NIST Special Publication 800-34, the U.S. Contingency Planning Guide for Federal Information Systems, was one of the first frameworks to state that organisations need a cyber readiness plan and a well-rehearsed playbook for a range of scenarios.
So, what exactly is cyber resilience? According to the Australian Cyber Security Centre, cyber resilience is:
The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
NIST also published its Cybersecurity Framework (version 1.1, published in 2018; version 2.0 followed in 2024 and added a sixth function, Govern), which organises security activity into five core functions: Identify, Protect, Detect, Respond and Recover. Identify covers the organisation's responsibility to inventory its critical business processes and the cyber assets supporting them; Protect covers the safeguards applied to those assets. The remaining three functions cover the practices for detecting, responding to and recovering from disruptive cyber incidents.
Many organisations spend their time identifying and then protecting their assets, using a vast array of well-known technologies and vendors. Cyber resilience, however, is a capability built on continuous learning, practice and improvement. An important first step is to identify where cyber assets are located and who operates them. This sounds simple, but it requires an understanding of the supply chain, the extended enterprise, service providers, contracts, service level agreements, and roles and responsibilities, together with an approved baseline of normal activity; without that baseline, suspected incidents cannot be reported on or investigated.
When starting a cyber resilience practice, organisations will have to consider, and invest in, one of the following Security Operations Centre (SOC) models:
- centrally log all information and respond to incidents reactively
- build the entire capability in-house
- use a co-managed solution, or
- use a fully outsourced solution
Each model has its pluses and minuses, including cost, the sharing of sensitive information with a third party, the loss of key personnel, training budgets and the expense of rehiring staff.
The next burning question is, "What sort of disruptive cyber incidents should my organisation plan for?" As a guide, organisations should plan for incidents such as ransomware, denial-of-service (DoS), phishing, spear phishing, whaling, vishing, data exfiltration, rootkits, and virus and worm outbreaks. Other attacks include social engineering, theft of intellectual property, unauthorised access to sensitive information, unauthorised data movement between security domains, spyware, logic bombs, and compromise of the integrity of mission-critical systems on which human safety depends.
The quote by Nelson Mandela is very pertinent to resilience. To become cyber resilient, organisations need to change their mindset from "if a cyber security event happens" to "when a cyber security event happens, and how often". This means an organisation needs to identify and root out potential threats using techniques such as threat hunting, red teaming, blue teaming, purple teaming, breach and attack simulation, vulnerability scanning, penetration testing, audits, user and entity behaviour analytics (UEBA), and continuous monitoring.
There are several inspiring stories of organisations that have striven for high levels of resilience as a market differentiator. One is Netflix, which streams digital content and needs a reliable service to earn revenue and keep its stakeholders and customers happy. Netflix developed, and open sourced, a tool called Chaos Monkey (https://github.com/netflix/chaosmonkey) that randomly terminates instances in production, deliberately during working hours. Why working hours? Because support staff are on shift if something does not recover as expected.
You might think this is a risky strategy, but Netflix is continually striving for robustness in its service. Ask yourself how confident you would be arranging a surprise outage for your own organisation, to gauge how resilient and well-practised your staff, processes and technologies are. This is what cyber resilience is all about: handling adverse events that are unexpected and have potentially detrimental consequences.
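The scheduling rules just described, as an added example that is neither Netflix's Chaos Monkey code nor part of the original article: one scheduler tick picks a random instance from a group that has opted in, fires only inside a working-hours window and only with a configured probability, and routes the actual termination through an injected callback so the same code can be rehearsed as a dry run. The names (Instance, ChaosSchedule, ScriptedRng, run_chaos), the constructed fleet, the 09:00 to 15:00 window and the 25% probability are assumptions chosen for illustration.

```python
"""Chaos-Monkey-style random outage scheduler.

Added example, not Netflix's code. It models the rules the article
describes: terminate one random instance from an opted-in group, only
during working hours when responders are on shift, and only with a
configured probability so the outage still comes as a surprise.
All names, the fleet and the time window are hypothetical.
"""
import random
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class Instance:
    instance_id: str
    group: str
    opted_in: bool = False      # chaos is opt-in per group, never the default


@dataclass(frozen=True)
class ChaosSchedule:
    start: time = time(9, 0)
    end: time = time(15, 0)     # stop mid-afternoon so recovery finishes on shift
    weekdays: frozenset = frozenset(range(5))   # Monday (0) to Friday (4)
    probability: float = 0.25   # per-tick chance of actually terminating
    enabled: bool = True        # global kill switch for incidents or change freezes

    def in_window(self, now: datetime) -> bool:
        """True only when enabled, on a listed weekday, inside [start, end)."""
        return (self.enabled
                and now.weekday() in self.weekdays
                and self.start <= now.time() < self.end)


class ScriptedRng:
    """Deterministic stand-in for random.Random: a fixed roll and a fixed pick.

    Used for dry runs and tests so that a rehearsal is reproducible."""

    def __init__(self, roll: float, pick: int = 0):
        self.roll, self.pick = roll, pick

    def random(self) -> float:
        return self.roll

    def choice(self, seq):
        return seq[self.pick % len(seq)]


def eligible(fleet: Iterable[Instance]) -> List[Instance]:
    """Only instances whose owners have opted in may be terminated."""
    return [i for i in fleet if i.opted_in]


def run_chaos(fleet: Iterable[Instance], schedule: ChaosSchedule, now: datetime,
              terminate: Callable[[str], None], rng=None,
              dry_run: bool = False) -> Optional[str]:
    """One scheduler tick.

    Returns the id of the instance chosen (and, unless dry_run is set,
    terminated through the injected callback), or None when nothing fired."""
    if rng is None:
        rng = random.SystemRandom()     # unpredictable picks in real use
    if not schedule.in_window(now):
        return None                     # outside working hours: never fire
    candidates = eligible(fleet)
    if not candidates:
        return None
    if rng.random() >= schedule.probability:
        return None                     # most ticks are quiet on purpose
    victim = rng.choice(candidates)
    if not dry_run:
        terminate(victim.instance_id)   # in a real deployment: the cloud API call
    return victim.instance_id


if __name__ == "__main__":
    # Constructed fleet and timestamp for a stand-alone dry run.
    fleet = [Instance("i-0a1", "api", opted_in=True),
             Instance("i-0b2", "api", opted_in=True),
             Instance("i-0c3", "billing-db")]        # not opted in
    terminated: List[str] = []
    when = datetime(2024, 3, 13, 10, 30)             # a Wednesday, mid-morning
    chosen = run_chaos(fleet, ChaosSchedule(), when, terminated.append,
                       rng=ScriptedRng(roll=0.1, pick=1), dry_run=True)
    print("dry run would have terminated:", chosen,
          "| actually terminated:", terminated)
```

Two design points carry over to any real implementation: termination is opt-in per group and gated by a global kill switch, so a change freeze or a live incident can stop the experiment without a code change, and the terminate action is injected rather than hard-wired, so the on-call team can rehearse the full decision path in dry-run mode before the first real outage.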
What can ALC offer regarding Cyber Resilience?
Having the right knowledge and understanding is a key factor in achieving cyber resilience. ALC, with our industry-leading range of cyber training courses, offers just that. We have:
- Best practice in cyber security with specific programs such as NIST Cybersecurity Framework Practitioner® and ISO 27001 Lead Implementer
- Enterprise IT risk and governance with certifications such as CRISC® and CGEIT®
- World-class security management with CISM®
- Getting the right security architecture with SABSA®
- Leading Bodies of Knowledge such as CISSP® and CCSP®
- The ultimate get-up-to-speed course CSF+P Cyber Security Foundation+Practitioner™
The right training can change everything.