What is Cyber-Resilience vs. Cyber- Security?
Cyber resilience is defined as “the ability to continuously deliver the intended outcome despite adverse cyber-events”. In other words, cyber resilience is the ability of a business or organization to withstand disruption as a result of cyber-attacks or events.
Cyber security seeks to effectively protect the confidentiality, integrity and availability of data residing on computing assets that are operating on or connecting to an organization’s network. The general intent is to defend networked assets against all threats throughout various phases https://attack.mitre.org/wiki/Main_Page of cyber-attacks.
What is the Difference?
At a glance, it would appear both terms are very similar and can be used interchangeably. This is not the case, we first have to identify what type of cyber-attack is being conducted. There are two different categories we will use here to differentiate the two terms:
- Adversaries intent is to steal data e.g. PII, credentials, intellectual property, consumer records, etc.
- Disruption of normal business operations, think, “Stuxnet”, “Atlanta Ransomware” attack or “Sony attack”
Now that we have made a distinction between the two concepts, this leads into how strategic planning and business continuity objectives should be created and integrated to address both concepts. In essence, an effective information security program would encompass aspects of cyber resilience, cyber security, incident management and response and strategic planning.
What can my organization do better?
1. Business Continuity and Disaster Recovery – Let use Ransomware for an example, according to statista.com there were 638 million ransomware attacks worldwide in 2016. There was a precipitous drop in ransomware attacks in 2017 at 184 million attacks globally. Conversely, the sheer scale and frequency of these attacks over a 3 year period is unsettling. It is common knowledge that small-medium sized businesses (SMB) are more susceptible to such attacks for a variety of reasons i.e. budget, infrastructure, personnel, lack of tested BCP\DRP plans. If this is case, it’s imperative that SMB in particular conduct thorough and consistent backups of their data. This will bolster confidence that lost data can be restored quickly to resume business operations. Additionally, identifying the basic elements of your backup strategy—frequency of the backups and what kind of backup is the most appropriate (disk-to-disk, on tape, mirroring) is a step in the right direction. These practical steps will enhance your cyber resilience posture.
2. Incident Management and Response – With the ever changing cyber landscape and the sophistication of attacks conducted by cyber criminals, nation state actors and determined opportunistic hackers; it not only best business practice but a fundamental necessity for organizations to establish an incident management process. The approach of most cyber security practitioners has evolved from a not if but when cyber-attacks and breaches occur and what steps need to be taken to prepare, identify, eradicate and recover from disruptive network incidents.
The regular testing of your company’s incident handling and response plan will strengthen your organization’s cyber resilience and cybersecurity capabilities. Simulating a major security incident will allow leadership to prioritize recovery activities, identify escalation points and inform stakeholders among other processes and considerations. Having a well-developed incident management plan will provide business owners and stakeholders with more confidence knowing what do to, when to do it and how to do it when adverse events occur.
3. Senior management commitment and support for information security – Ensuring that security activities continue to be aligned and support business goals is critical to obtaining management support. If senior management is not committed to cybersecurity and cyber resilience then there will likely be gaps in security architecture, cyber workforce and policy compliance requirements needed to develop a robust and flexible cyber resilience strategy. Ideally, the organizations chief information security officer (CISO) is supportive of security investment while balancing vital cyber resilience goals and operational business objectives.
