Most organizations invest in cybersecurity hoping to reduce or eliminate the risk of a data breach. Risk, unfortunately, can never be completely eliminated — cyber criminals are constantly upping their game to get at money and data. In 2019, 76 percent of small and mid-sized businesses in the U.S. experienced a cyber attack, according to the Ponemon Institute’s most recent Global State of Cybersecurity in Small and Medium-Sized Businesses report.
So, what happens when that data breach occurs? How does an organization manage the breach and continue to function? The answer is cyber resilience.
What is cyber resilience?
Cyber resilience is an organization’s ability to keep functioning and achieving its business goals no matter what happens. If an employee accidentally falls for a phishing scam that downloads malware, but your security team contains the threat and your employees are able to keep working despite the breach, your organization is demonstrating cyber resilience.
It’s a form of business continuity planning that covers not just cyber attacks and data breaches but other crises as well. For example, if your employees now work remotely because of the pandemic but are still able to do their jobs well and deliver business outcomes, your business is also demonstrating cyber resilience.
At its core, cyber resilience is about your organization’s ability to do three things:
- Prepare for adverse conditions
- Adapt to changing conditions
- Withstand and recover from a crisis
If your organization can do those three things effectively, you’ll likely be able to weather an attack with minimal damage — you’ll be cyber resilient.
How is cyber resilience different from cybersecurity?
Cybersecurity is all about protecting your business from an attack on your digital assets. When you invest in cybersecurity, you invest in technology, practices, and processes meant to protect your data, systems, and networks from a breach or an attack by cyber criminals.
In other words, cybersecurity is about minimizing your risk and avoiding an attack.
Cyber resilience is about making plans for what your organization will do when an attack happens. If your company’s data or platforms are held for ransom, how will your employees complete their daily activities? Do you have a backup system? If your web application is brought down by a DDoS attack, what plans are in place to get back up and running?
When you invest in cyber resilience, you accept that cyber criminals may be a step ahead of you when it comes to technology, and that sometimes they will win, get into your systems, and breach your defenses.
This mindset might seem defeatist, but it actually makes your cybersecurity more agile: once you admit a breach is possible, your organization can be better prepared when one happens.
How can your organization develop cyber resilience?
There are several frameworks available to help your organization develop and assess your cyber resilience. The U.S. Department of Homeland Security’s Cyber Resilience Review (CRR), Symantec, and NIST SP 800-160 Vol. 2 are all such frameworks.
NIST’s framework describes 14 cyber resiliency techniques, including adaptive response, analytic monitoring, contextual awareness, and redundancy.
In practice, businesses that adopt an adaptive response tend to react more nimbly when a threat materializes. Those that run redundant systems aren’t paralyzed when a breach compromises one of them. And businesses that monitor both their own security posture and the external threat landscape are more likely to be cyber resilient, because they are aware of their internal weaknesses as well as the threats aimed at them.
How can SecurityScorecard help?
As NIST points out, proactively monitoring both your own internal cybersecurity and the cyber threat landscape is important when you’re developing cyber resilience in your organization.
SecurityScorecard helps you do that by monitoring the cyberhealth of your enterprise across 10 groups of risk factors with our easy-to-understand A-F security ratings. Our ratings continuously monitor every part of your security operation, from DNS health to web applications to your patching cadence. Because the ratings also draw on information available on the open web, they show you how cyber criminals see you from the outside: if your company’s name is showing up in hacker chatter, that appears in your score, as does any leaked credential.
If your score drops, you’ll know that something has changed, and our platform will then offer remediations to help you fix the problem before there’s a breach or an attack. By continuously monitoring your enterprise’s security, you’ll be able to take action and remain cyber resilient.