What is Cyber Resilience?
You might be old enough to remember those Timex watch commercials... you know, the ones that said “It takes a licking and keeps on ticking.” Ideally, a business network should have the same quality. Cyber threats are everywhere these days, and they seem to be growing daily. Thus, it is no longer possible to reliably avoid these threats. Instead, it is more practical to concentrate on dealing with them. This can include preventive measures, reactive measures, or anything in between.
What Does “Cyber Resilience” Mean?
This is a term that refers to the ability of a business to endure a cyber-attack (whether successful or unsuccessful) without a need to shut down business operations. For instance, if you have to close up shop whenever a threat is found, your cyber-resiliency probably isn’t good enough. If, on the other hand, you can deal with the problem in a way that doesn’t affect the day-to-day running of the business, your cyber-resiliency is a lot better.
It’s important to understand the true meaning of this term because many people get it wrong. Cyber-resiliency is not your ability to resist an attack: Rather, it is your ability to recover from one. Remember, even a failed attack or a minor breach can result in a lot of expensive downtime. Larger companies can lose thousands or even millions of dollars in lost business due to network downtime, which means that even a failed cyber-attack can still cause some harm.
The Four Aspects Of Cyber-Resiliency
As a general rule, the topic of cyber-resiliency is divided into four sections: Threat Protection, Recovery Ability, Adaptability, and Durability. All four of these must be taken into account in order to have a comprehensive cyber-resiliency plan.
1. Threat Protection
First, let’s talk about threat protection. This is the proactive step, as it involves seeking out cyber threats and working to neutralize them. Or, if they cannot be fully neutralized, they can at least be minimized through good preparation. One example of this is the incorporation of DNS authentication at crucial parts of the network infrastructure.
DNS (the Domain Name System) is basically like the phone book of the internet. When you type in a particular web address, it takes you to a particular website, right? Well, that only works because a DNS server is translating your request. Thus, when you type in “www.whatever.com,” the internet knows which IP address is associated with that site. Otherwise, you would have to memorize IP address numbers for every website you visit.
Hackers and other intruders can often be detected based on their suspicious DNS traffic. As DNS information is public knowledge, it isn’t that hard for an automated program to limit access based on DNS queries. DNS servers are generally owned by your internet provider, so strange DNS info can be a major red flag.
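An added example, not from the original article, of the kind of automated check described above: it scans a constructed DNS query log for clients that bypass the approved resolver or generate many failed lookups for random-looking names. The log format, the thresholds and the approved resolver address are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: "time client resolver qname rcode" (not real traffic).
SAMPLE_LOG = """\
09:00:01 10.0.0.5 192.0.2.53 www.example.com NOERROR
09:00:02 10.0.0.5 192.0.2.53 mail.example.com NOERROR
09:00:03 10.0.0.7 203.0.113.9 www.example.org NOERROR
09:00:04 10.0.0.8 192.0.2.53 q7x2kfp9zt4mwb8v.example.net NXDOMAIN
09:00:05 10.0.0.8 192.0.2.53 h3j9vd5rqa1ycx6n.example.net NXDOMAIN
09:00:06 10.0.0.8 192.0.2.53 b8m4tz2wke7gpu5s.example.net NXDOMAIN
09:00:07 10.0.0.8 192.0.2.53 www.example.com NOERROR
"""

APPROVED_RESOLVERS = {"192.0.2.53"}  # assumption: the resolver the network should use
NXDOMAIN_RATIO = 0.5                 # assumption: tune against your own baseline
ENTROPY_BITS = 3.5                   # assumption: threshold for random-looking labels

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def analyze(log_text):
    """Return {client_ip: sorted list of reasons} for clients worth a closer look."""
    findings = defaultdict(set)
    totals, failures = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing mid-log
        _, client, resolver, qname, rcode = parts
        totals[client] += 1
        if resolver not in APPROVED_RESOLVERS:
            findings[client].add("unapproved resolver " + resolver)
        if rcode == "NXDOMAIN":
            failures[client] += 1
        first = qname.split(".")[0]
        if len(first) >= 12 and label_entropy(first) >= ENTROPY_BITS:
            findings[client].add("random-looking name")
    for client, total in totals.items():
        if total >= 3 and failures[client] / total >= NXDOMAIN_RATIO:
            findings[client].add("high NXDOMAIN ratio")
    return {c: sorted(r) for c, r in findings.items()}

if __name__ == "__main__":
    for client, reasons in analyze(SAMPLE_LOG).items():
        print(client, "->", "; ".join(reasons))
```

A client with ordinary lookups through the approved resolver produces no finding, so the output lists only the hosts that need review.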
EDR (endpoint detection and response) software is also a good way to improve your cyber-resiliency. Basically, these programs keep track of all security-related events and information by storing the relevant logs in a database. By analyzing this data, EDR software can then filter out anything suspicious. EDR is a great solution because it monitors the entire network (as opposed to just one part).
2. Recovery Ability
If prevention fails, and an attack succeeds in some way, it is appropriate to move into a recovery phase. This usually involves finding the problems and correcting them to the best of one’s ability. The first thing to understand here is the importance of data backup. Whether it’s a cyber-attack or just a data crash, you don’t want to end up losing all that valuable information.
Data backups are easier than ever and can usually be automated. They have proven to be the single best way to recover from a ransomware attack. Of course, you have to make sure that those backups are stored securely; otherwise, an attacker could target them as well.
Obviously, part of the recovery process is to keep business running smoothly. Thus, you really want to have your IT people come up with response plans for all the most common scenarios. It wouldn’t even be a bad idea to test these plans with a series of drills. The goal is to create a system whereby recovery can commence without disrupting normal business operations.
3. Adaptability
Unfortunately, cyber-criminals have proven to be very adaptable. When one method stops working, they can quickly find another. This is partly because hackers share information on the dark web, allowing them to learn about new exploits in an anonymous environment. As a result of this situation, cybersecurity professionals must also learn to adapt.
It is hard to plan for something like this because it involves the unknown. However, you can help the situation by leaving plenty of flexibility in your response plans. There should always be an option to change plans if there is a practical reason to do so. Without adaptability, your crisis response efforts will be predictable. As such, they will be less likely to be effective.
4. Durability
When we are talking about non-physical things like networks and such, the concept of durability can be a dicey one. We aren’t talking about the ability of your network to resist breakage. Rather, we are talking about your ability to “take a licking and keep on ticking.”
Sometimes, it can take a company years to recover from an extensive breach. However, most of them are still able to continue doing business in the meantime. This is an example of how durability translates into dollars. Anything that can increase network durability should be embraced.
Here at PCH Technologies, we understand that cyber-resiliency is highly important for your business. As such, we can also tell you that good resiliency is possible if you prepare diligently and make intelligent choices. Of course, it helps if you enlist the kinds of experts that can help you along. If you would like to know more or get some advice, feel free to call us at (856) 754-7500.