Amid Rising Cyber Threats Is Prevention or Resiliency the Best Security Strategy?

As more businesses fall victim to cyber-attacks company leaders and their IT and security teams are extending resilient capabilities to endpoint devices and applications.

According to Cybersecurity Ventures, global cybercrime costs are expected to grow by 15% per year over the next five years, reaching US $10.5 trillion annually by 2025. Yet, the financial impact of a cyber breach, while undoubtedly the most immediate, is not the only consequence businesses will be faced with. A recent Microsoft security survey found 48% of ransomware victims reported attacks caused significant operational downtime, exposure of sensitive data and reputational damage.

As more businesses fall victim to bad actors’ nefarious cyber tactics, company leaders – and their IT and security teams – are seeing the need to reevaluate their security policies, secure remote access and extend resilient capabilities to all devices and applications.

In our recent report, “The Value of Zero Trust in a Work From Anywhere (WFA) World”, 97% of surveyed IT experts believed that remote workers are exposed to at least some added risk, with roughly 47% believing the risk was either high or extremely high.

Given this, and the nature of distributed teams, organisations need the right tooling and technology to secure their endpoints, remotely, at scale, so they can effectively restore their critical applications after a crippling attack. Analysis by Absolute Software shows that most security controls have a high probability of going out of compliance if they are not actively maintained, with about a third of machines having anti-virus and anti-malware agents that are out of compliance at any given time.

Instead of asking how we can prevent every attack, the question we really need to be asking is: what can we do to make ourselves more resilient, and ensure we can bounce back as quickly as possible?

THE NEED FOR A SECURITY “GO BAG”

It is critical that organisations have a highly effective cybersecurity “go-bag” to get them back on their feet if something goes awry.

Many businesses already have basic security hygiene and defensive depth in place to try and detect attacks. However, most businesses lack what really matters for a complete recovery – proactive resilience, or the ability to bounce back up when struck down. Like people who live in an earthquake zone, businesses need to have a cybersecurity “go bag” they can grab as soon as a potentially catastrophic attack occurs.

Historically, IT and security professionals’ top priority has been securing and restoring critical infrastructure, such as servers and key business systems. Yet, in today’s WFA world, the threat of cyberattacks is greatly exacerbated by the wide distribution of endpoints, which has expanded the potential attack surface, lowered barriers to entry, and reduced IT teams’ visibility of devices.

Unfortunately, in most cases, it is nearly impossible to know what systems have been touched by hackers and whether they’ve been successfully expelled from the network. The most reliable way to ensure you’ve eliminated all the hackers’ footholds is to wipe everything and begin anew – in other words, taking a ‘scorched earth’ approach. But to do this in a remote world, businesses must have data backup and restoration software to get them back to a known, “golden image” state, without the machine having to return to the office.

To ensure the highest level of cyber resilience and enable endpoint reconnection after a complete “scorched earth wipe,” businesses need persistent defence technology with firmware-embedded capabilities, as any form of defensive that lives on an endpoint can only be effective if it remains operational, and functions as intended.

In doing so, organisations can measure the health and compliance of endpoint security controls and promptly identify when applications are disabled, misconfigured, or otherwise made vulnerable. And they can empower those mission-critical applications to self-heal and recover automatically without user intervention – even when starting from ground zero after a complete wipe.

MAKING RESILIENCY THE END GOAL

In today’s ever-evolving threat landscape, there is no room for complacency. Organisations must pivot their technology, policies, and business models to focus on rapid cyber resilience to ensure there are no cracks in their security fabric now, or in the future.

The goal of cyber resilience is clear: to ensure operational continuity with minimal impact. By planning for an attack in advance, rather than focusing solely on prevention, organisations can make strategic decisions to minimise disruption and lessen the remediation timeline when – not if – a breach occurs.

You can get a copy of “The Value of Zero Trust in a WFA World” here.