Cyber resilience means going beyond cyber security measures since they are simply not enough anymore. It focuses on limiting the impact of security breaches when they do happen. A company is cyber resilient if it can successfully manage cyber incidents while continuing to operate normally. So how to become resilient?
Most importantly, you should be aware the journey towards cyber resilience encompasses all aspects of a business and requires continuous action. In a world where security incidents and attacks lurk in every corner, it’s also inevitable. Here are some tips on how to start the journey.
1. Establish a strong Cyber Resilience Framework
To apply appropriate security controls and prepare efficient strategies to protect your assets, you need to deeply understand your environment and all potential vulnerabilities and risks.
- Extensively evaluate your infrastructure, data, and security gaps to identify all possible risks and exposures (all operations, assets, systems, data, and people in the organization).
- Have effective protective measures in place to protect from and minimize all the risks, like implementing strong security programs, safeguards, and limiting access to critical assets. And always back everything up!
- Constantly monitor your cyber environment to quickly detect anomalies, potential data breaches, leaks, suspicious activities and incidents.
- Determine strong incident response strategies – this plan ensures everyone in the company knows what to do when an incident occurs and how to respond. Document proven security processes so your employees have a reliable set of protocols to guide them.
- Have a strategy for restoring affected infrastructure or services to recover from incidents as quickly as possible to decrease the effect and enable your business operations to continue without coming to a halt.
Sounds overwhelming? Don’t worry, you don’t have to start from scratch – there are a lot of established frameworks out there, and we’re doing our part, too. Together with our partners in the FISHY project, we’re developing a coordinated framework for cyber resilience provisioning that guarantees a trusted supply chain of ICT systems, built upon distributed, dynamic, and often fundamentally insecure and heterogeneous ICT infrastructures.
2. Regularly review your security processes
As said, resilience is an ongoing journey. Because the attacks are getting more and more sophisticated, you need to update your security measures accordingly. It’s vital to review your strategies on a regular basis.
3. It starts with people – build a strong security-focused culture
Not just the outside threats and malicious attacks, in many cases incidents are unintentional and come from employees – they make mistakes, aren’t careful enough or simply just not aware of all the consequences their actions might have. It’s important not just to have your Chief information security officer (oh, yeah – if you haven’t already, appoint a chief information security officer who will be in charge of this all-encompassing, multi-tiered, but essential resilience strategy) be on top of all the actions, but every employee needs to have security on their mind at all times. The company must incorporate strategies for cyber resilience in all aspects of its business. It’s all about creating security-focused culture. Ongoing education and training are essential for raising awareness among employees and improving their skills.
4. Enable secure remote work
Numerous companies have already been offering the possibility of occasional remote work for their employees, and when the epidemics hit, working from home became a necessity for most. Since many workers don’t have company issued computers at home and home network is less secure than corporate one, that creates a big security risk. Companies need to develop protocols for secure remote working, that protects the organization, employees, systems, and partners:
- implement comprehensive security policies and measures
- use a virtual private network (VPN) which establish a secure connection between home and business networks
- use multi-factor authentication method for adding extra verification steps
- use secure remote work software, like for example ISL Online, which enables employees to safely access and control remote computers
5. Take a step further with security standards
Most organizations have various security controls, but if they don’t use an information security management system (ISMS), these controls are often quite disorganized and address only IT aspects, leaving out the non-IT information assets. Information security management standards help companies safeguard intellectual property and sensitive data, manage risks and create resilience. Not only helping companies to put their security practices in order, but the certification also improves the trustworthiness, reputation, and competitive advantage of the company.
One of the most internationally acknowledged standards is ISO/IEC 27001 and its accreditation process considers not only IT but all business operations. ISO/IEC 27001 certified companies protect the data and constantly monitor and update their security system, which not only makes them resilient, but also more reliable in the eyes of customers and partners.
Security in the cloud
Security standards are gaining more and more importance in the modern environment, where everything is moving to the cloud. Despite numerous benefits cloud computing brings, the adoption rate among organizations is still limited due to security doubts. To increase levels of assurance and bring benefits to cloud providers and customers, it’s important to constantly check if security practices are compliant with these standards. And this is what another project we’re a part of is working on.
MEDINA: Security framework for continuous cloud certification
MEDINA faces this issue by developing a framework for achieving a continuous audit-based certification for cloud service providers. Framework is comprised of tools, techniques, and processes supporting the continuous auditing and certification of cloud services and tackles the challenges of security validating/testing, machine-readable certification language, cloud security performance, and audit evidence management.
XLAB’s role in the project
As experts in vulnerability detection components, our role in the project is to lead the implementation of the MEDINA tools for collecting security assessment evidence of cloud infrastructure. Additionally, we’ll contribute to the development of certification evaluation tools and to other research and development tasks leading towards project’s solutions, as well as support associated technical activities such as framework design, integration, and validation.