The Difference Between Cyberdefense and Cyber-Resilience
Cyberdefense is certainly a must-have for businesses in the modern world, as tools such as firewalls and staff training can build a virtual fortress around an organization. However, if that is where a business’s strategy ends, it will be unprepared for what comes if a hacker is able to penetrate those defenses, which is why more IT security professionals are adding cyber-resilience to the plan.
Cyber-resilience is a way of approaching cybersecurity that assumes the organization will at some point be breached. It’s therefore not necessarily about protecting data, but rather ensuring that once an incident occurs, business operations won’t be meaningfully interrupted.
“Cyber-resilience is the ability to prepare for and adapt to changing threat conditions while withstanding and rapidly recovering from attacks to infrastructure availability,” notes a whitepaper from Cisco.
Fallout from the downtime is often what forces businesses to close after a breach, making it crucial to focus on how quickly one can recover and maintain operations.
“It’s not a matter of if it’s going to happen, it’s a matter of when it’s going to happen,” MercuryGate CISO Joe Evangelisto told BizTech. “So when that incident occurs, do we have the ability to recover quickly? Do we have the ability to limit the impact that it has on us, on our customers, and really keep the business going?”
Experts discuss how organizations can become resilient at the CDW Protect SummIT.
How Small Businesses Can Become Cyber-Resilient
When building true cyber-resilience, a risk assessment is a good place to start. An assessment can show not only where potential holes may be in cyberdefense, but also where an organization can improve in its response. Mere moments can decide whether a business will be able to continue operations or be down for an extended period of time, making it crucial to take the right steps.
A cyber-resilient organization needs to address multiple capabilities, the Cisco whitepaper states: identification, protection, detection, recovery, visibility, analytics and forensics. A business must be able to identify critical assets, protect systems by having the ability to contain breaches, and detect when a system’s integrity has been compromised. In the wake of a security event, it needs to be able to recover systems in a timely fashion, gather analytics on the event to help inform IT on potential vulnerabilities, and collect digital forensic evidence. Visibility is key throughout the entire process, as an organization needs to be able to monitor everything in real time.
Because these capabilities are often rooted in different areas of a business, buy-in from senior leadership is crucial. Cyber-resilience needs to be integrated into not only the architecture of an organization, but the culture as well. Cyberdefense is a good first step, but for businesses to truly withstand inevitable security incidents, they must become resilient.