The current information security landscape is rapidly evolving. According to the latest research from IBM Security and the Ponemon Institute’s 2020 Cyber Resilient Organization Report, 67% of organizations reported that the volume of attacks had significantly increased over the past 12 months. It’s not just the number of attacks that grew; 64% of organizations also saw an increase in the severity of the attacks. Roughly 53% of responding organizations experienced a data breach involving more than 1,000 records within the last two years.
This growing volume of severe attacks is disruptive to information technology (IT) and business processes, resulting in an increased interest in cyber resilience. More and more enterprises are shifting away from a purely defensive security posture. Instead, companies are embracing a holistic approach to creating a security-conscious culture. They are cultivating a cyber resilience mindset with the ability to prevent, detect, contain and recover from threats against data, applications and IT infrastructure.
Organizations designated as “high performers” in cyber resilience outperformed others in all areas of IT security in the 2020 Cyber Resilient Organization Report. The gap between high performers and the others was largest when it came to detecting and containing attacks.
Building cyber resilience isn’t simple or easy. But it can clearly be worthwhile if you start with the framework and approach best suited to your company.
What is Cyber Resilience?
Cyber resilience refers to an organization’s ability to keep operating when cyberattacks or other adverse events affecting IT systems occur. It goes beyond protecting against threats, defending against attacks and remediating incidents to encompass the ability to withstand all types of cyber events.
The concept of achieving cyber resilience can be likened to the idea of continuous improvement in management theory. Enterprises can make a series of small changes to organizational cultures, technology stacks and policies and procedures on an ongoing basis. This ultimately cultivates increased resilience — the ability to prevent data breaches and business process disruptions in the face of cyber incidents — over time.
Building Cyber Resilience
High-performing organizations leverage automation, cloud services and interoperable solutions to prevent attacks and rapidly intervene in those already in progress. They also build attack-specific and enterprise-wide incident response plans to foster consistency and effective collaboration when attacks do occur.
This year’s Cyber Resilient Organization Report outlines four key areas enterprises must focus on if they are to bolster cyber resilience overall.
Prevention
Prevention is the area in which the largest number of enterprises have made the most improvements. In fact, prevention may even be over-emphasized; 56% of the responding organizations use the number of cyberattacks prevented as a measure of their overall cyber resilience, rather than considering a more global array of metrics.
However, leaders of high-performing enterprises still report a great deal of confidence in their organizations’ abilities to prevent cyberattacks. This confidence may be due to their more frequent use of automation, artificial intelligence and machine learning than their lower-performing peers. As a general trend, enterprises that employ automated solutions in risk and vulnerability assessment and configuration management benefit by improving visibility and freeing up resources for higher-value tasks.
Detection: Identify Signs of Compromise Quickly
Speedy time-to-detection prevents incidents from escalating into breaches and reduces overall remediation costs. However, complexity often becomes the enemy of rapid and accurate identification of malicious activity.
Nearly 30% of the respondents in the Cyber Resilient Report use more than 50 separate security solutions and technologies. Companies with more than 50 security tools in place actually ranked 8% lower in their ability to detect attacks than those running fewer disparate solutions. The interoperability challenges and environmental complexity within these solutions impact efficiency and slow down detection.
Automated solutions that can be integrated across multiple tools and platforms within your environment can help enhance visibility into applications and data. These tools can reduce overall complexity, allowing security teams to make better decisions about how to spend their time and attention.
Containment: Processes and Workflows for Rapid Remediation
Top performers are doing a much better job of responding to and containing incidents than their less-resilient counterparts. They outperformed other organizations by 35% according to this year’s Report.
A key differentiator may be their greater commitment to preparation and planning. Roughly 43% of high performers use an enterprise-wide cybersecurity incident response plan, whereas only 20% of other organizations do. High performers are also more likely to review and test this plan regularly and apply it consistently. In addition, they’re more likely to develop attack-specific response plans for the types of attacks most prevalent in their industry.
The lesson is that planning is invaluable. Formalizing playbooks that outline incident containment and response procedures can greatly reduce the time it’ll take to contain attacks, as well as limit the eventual scope.
Response
Response is another area where high performers’ capabilities far exceed the majority of their peers. We’ve already noted that high performers are more likely to be leveraging automated tools.
The same tools that improve a security team’s ability to prevent and detect attacks may also improve their performance when responding to and containing incidents. Any tool that increases analysts’ overall operational efficiency will give them more time to spend on their most valuable activities.
Overall, cyber resilient organizations outperform their peers in every aspect of IT security operations. Creating cyber resilience starts with building strong and collaborative organization-wide cultures where data privacy and security are valued. An organization also needs to focus on wise technology investments to improve security operational performance. It should understand that more tools do not necessarily add up to stronger security. Instead, it should focus on implementing those, such as automation of mundane tasks and routine workflows, that can make security analysts’ jobs easier, more creative and more fulfilling.