Some commentators define cyber security as preventing hackers from attacking your network and accessing your systems and data. Cyber resilience, they may view, is about responding and recovering after an attack has happened. While they position cyber security and cyber resilience as two separate activities, the reality is more complex than that. Cyber security can be seen as the first step in cyber resilience meaning any cyber resilience strategy must encompass cyber security. This blog explains more.
Before setting out to define cyber resilience, cyber security and the differences between them, let’s start by answering the question about why is cyber resilience important?
If we were all honest with ourselves, we’d admit that there are things that we think we’re good at that we really aren’t. One of those is securing the technology we use. This is true on an individual, business and a state level in the US. The fourth annual Webroot US Cyber Risk report found that, in 2020, 89% of Americans thought they were good at security, but the actual figure that received an ‘A’ grade was just over 10%. No state in the US managed better than a ‘D’.
At a time when hackers are getting more determined and more cunning, we’ve lulled ourselves into believing that we’re better at cyber security than we actually are. Data breaches increased by 17% in 2019, with nearly 60% of businesses suffering a data breach in the past three years. The cyber security solutions and strategies that these organizations put in place proved incapable of protecting the business from breach.
Today, organizations have to accept that breaches of their network defenses are inevitable. The question is no longer how to keep bad actors out although this remains vital – it’s how to keep going in the face of attack and how to recover as quickly as possible to ‘business as usual’ once an attack occurs? A cyber resilience strategy sets out to answer that question.
Cyber security vs cyber resilience
What are the main differences between cyber security and resilience? This was a question asked on the Quora website and the answer provides a good illustration of the two disciplines:
Cyber security definition
- Cyber security encompasses technologies, processes and measures designed to protect systems, networks, and data from cybercrimes.
- It reduces the risk of a cyber attack and strives to protect entities, organizations, and individuals from the deliberate exploration of systems, networks, and technologies.
- Cyber security solutions must work effectively without compromising the usability of the systems.
- Any cyber security strategy must also include a robust continuity business plan to resume operations if a cyber attack is successful.
Cyber resilience definition
- Cyber resilience is an organization’s ability to continuously deliver intended services, operations and outcomes despite the occurrence of cyber events.
- It encompasses a wider scope, comprising cyber security, risk mitigation, business continuity and business resilience.
- Cyber resilience strategy requires a cultural shift as the organization adopts security as a full time job and embeds cyber resilience best practices into day to day operations.
- With cyber resilience, an organization has to become intelligent and agile in order to handle real and potential attack.
It should be clear by now that cyber security and cyber resilience are different but symbiotic. Some companies do still treat them as separate and inter-related solutions, often establishing cyber security and resilience policy frameworks and strategies. However, there is more value when cyber security forms an element of overall cyber resilience.
How does cyber security fit within cyber resilience?
In recent years, a number of cyber resilience frameworks have appeared – including those from the UK’s National Cyber Security Center (NCSC) and the US’s National Institute of Standards and Technology (NIST) – which, although worded differently, tend to revolve around five key areas – prepare, protect, absorb, recover and adapt. Looking at each in turn shows where cyber security sits within a wider cyber resilience strategy.
Prepare
Prevention will always be better than cure, and to prevent cyber attacks and data breaches requires a multi-layered approach to cyber resilience that includes technology, people and processes. This will include putting in place comprehensive security policies and providing cyber resilience training and in-work support to ensure that everyone knows their role.
Protect
Cyber security falls within the protect step of cyber resilience. In addition to basic security software such as firewalls, more sophisticated solutions like endpoint detection and response (EDR) solution – such as OpenText™ EnCase™ Endpoint Security – provides a far greater degree of protection. In addition to EDR tools, an Endpoint Protection Platform – such as Webroot Business Endpoint Protection which delivers next-generation endpoint protection solutions and integrates with DNS protection, security awareness training and data protection layers for even greater cyber resilience levels.
Absorb
One of the major end goals for cyber resilience is building durability into the organization when an attack occurs. At this stage of cyber resilience, organizations often adopt a single platform for their data and content, providing a single source of the truth for all information that is easier to protect. Adding content management and cloud collaboration means data can be quickly isolated and quarantine while other systems and data remains available.
Recovery
Returning to normal after an attack is the ultimate goal of your cyber resilience strategy. If a successful ransomware attack locked down all your data, the results can completely stop the business from operating. To avoid such a situation, an effective data back-up and recovery is an essential part of cyber resilience. Tools such as OpenText™ Carbonite allow for the automated, granular back-up and recovery of data to a separate network or drive to enable you to quickly restore data that has been seized or wiped.
Adapt
Adaptability is a key component of cyber resilience. Network and security solutions that leverage up-to-the-minute threat intelligence – such as those available from OpenText™ BrightCloud Threat Intelligence Services – ensure that a network can automatically adapt to the latest threats. This sort of intelligence integrated into a SIEM or other tools within your Security Operations Center also allow you to understand the current threats to your network and data, as well as make accurate predictions about likely attacks in the future.
Benefiting from cyber resilience services?
There are many moving parts to a successful cyber resilience strategy. More than a set of technologies backed by security policies and procedures, cyber resilience involves a change of mindset about how security operates within an organization, and beyond. For this reason, many companies look to cyber security service providers to deliver skills and experience that the organization lacks. Most providers offer a comprehensive portfolio of cyber resilience services based around cyber resilience best practices and industry experience. Some of the most successful cyber resilience examples are where the organization engages with the service arm of their chosen cyber security solutions to help increase and flexibility of implementation.
Find out more about cyber resilience and other information security solutions from OpenText.
