Mar 26 2020

How SMBs Can Move from Cyberdefense to Cyber-Resilience

A cybersecurity strategy should include more than just protection.

Cyberthreats are evolving by the day. With every software update and security patch comes a group of hackers working to find another way in. For organizations with a large contingent of staff working from home, this can pose an even greater risk, with more potential pathways into the network.  

This is especially true for small businesses, who stand to lose a lot in cyberattacks. Sixty percent of businesses that suffer a breach close for good within six months. With fewer resources, small organizations are particularly vulnerable.

The stakes are high, so a company’s defenses have to be high as well. Many organizations have some form of cybersecurity plan in place. They have anti-virus software, firewalls and even detection systems ready to withstand an attack. While these measures do offer necessary protection, they deal with only one aspect of a potential breach: the point of entry.

Unfortunately, that’s not where cyberattacks end. Breaches can complicate — or completely shut down — an organization’s operations for days, weeks or even months. That’s why businesses are shifting their perspective from cybersecurity to cyber-resilience, ensuring that they will be able to maintain business continuity during and after an event.

The Difference Between Cyberdefense and Cyber-Resilience

Cyberdefense is certainly a must-have for businesses in the modern world, as tools such as firewalls and staff training can build a virtual fortress around an organization. However, if that is where a business’s strategy ends, it will be unprepared for what comes if a hacker is able to penetrate those defenses, which is why more IT security professionals are adding cyber-resilience to the plan.

Cyber-resilience is a way of approaching cybersecurity that assumes the organization will at some point be breached. It’s therefore not necessarily about protecting data, but rather about ensuring that once an incident occurs, business operations won’t be meaningfully interrupted.

“Cyber-resilience is the ability to prepare for and adapt to changing threat conditions while withstanding and rapidly recovering from attacks to infrastructure availability,” notes a whitepaper from Cisco.

Fallout from the downtime is often what forces businesses to close after a breach, making it crucial to focus on how quickly one can recover and maintain operations. 

“It’s not a matter of if it’s going to happen, it’s a matter of when it’s going to happen,” MercuryGate CISO Joe Evangelisto told BizTech. “So when that incident occurs, do we have the ability to recover quickly? Do we have the ability to limit the impact that it has on us, on our customers, and really keep the business going?”

Experts discuss how organizations can become resilient at the CDW Protect SummIT.


How Small Businesses Can Become Cyber-Resilient

When building true cyber-resilience, a risk assessment is a good place to start. An assessment can show not only where potential holes may be in cyberdefense, but also where an organization can improve in its response. Mere moments can decide whether a business will be able to continue operations or be down for an extended period of time, making it crucial to take the right steps.

A cyber-resilient organization needs to address multiple capabilities, the Cisco whitepaper states: identification, protection, detection, recovery, visibility, analytics and forensics. A business must be able to identify critical assets, protect systems by having the ability to contain breaches, and detect when a system’s integrity has been compromised. In the wake of a security event, it needs to be able to recover systems in a timely fashion, gather analytics on the event to help inform IT on potential vulnerabilities, and collect digital forensic evidence. Visibility is key throughout the entire process, as an organization needs to be able to monitor everything in real time. 

Because these capabilities are often rooted in different areas of a business, buy-in from senior leadership is crucial. Cyber-resilience needs to be integrated into not only the architecture of an organization, but the culture as well. Cyberdefense is a good first step, but for businesses to truly withstand inevitable security incidents, they must become resilient.
