
Companies adopting ‘cyber resilience’ to reduce risk

The rise in new threats and attacks has seen more Australian organisations develop a strategy to build more resilient systems to reduce risks caused by cyber criminals.

Promoted by Absolute
Thu, 30 Mar 2023

Australia has suffered several high-profile cyber-attacks in recent times, shining a light on the need for organisations to strengthen their cyber resilience and prepare for the ‘when’, not ‘if’.

With global ransomware damage costs predicted to exceed $265 billion (USD) by 2031, and a new attack occurring every two seconds, businesses face the reality of becoming a victim and suddenly being incapable of accessing critical data and unable to operate. As a result, security teams are scrambling to strengthen their cybersecurity posture and allow for accelerated recovery from cyberattacks.

As an organisation uniquely positioned to help companies prepare for, respond to, and fully recover from a cyberattack, we find security professionals, analysts, system integrators and board members increasingly understand there needs to be a shift in priorities - from primarily focusing efforts on keeping threat actors out of the network, to developing a strategy to reduce the impact. This is called ‘cyber resilience’.

According to MITRE, cyber resilience “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” This need comes from the realisation that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure an adverse cyber event does not negatively impact the confidentiality, integrity, and availability of an organisation’s business operation.

Cybersecurity vs. Cyber Resilience

It’s important to understand the difference and note that both are most effective when applied simultaneously.

Cybersecurity applies technology, processes, and measures designed to protect systems such as servers, endpoints, networks and data from cyberattacks. Cyber resilience focuses on detective and reactive controls in the IT environment to assess gaps and strengthen overall security posture. These initiatives enhance a variety of cybersecurity measures when leveraged together.

As Australian companies grapple with frequent and more sophisticated attacks, cyber risk and security management frameworks help adopt the concept of cyber resilience. For example, Essential Eight, developed by the Australian Cyber Security Centre and recommended by the Australian Signals Directorate, helps mitigate threats and data breaches. Analyst firm Gartner also advises organisations to shift their cybersecurity priorities from defensive strategies to the management of disruption through resilience to make a real difference to the impact of cybersecurity incidents.

Benefits of Cyber Resilience

A cyber resilience strategy can provide a range of benefits before, during, and after a cyberattack. These include:

  • Enhanced Security Posture and Compliance Posture: Aside from responding to and surviving an attack, cyber resiliency helps an organisation develop strategies to enhance IT governance, expand device and data protection efforts, and minimise human error. Additionally, many industry standards, government regulations, and data privacy laws promote cyber resilience.
  • Reduced Financial Loss: The IBM Cost of a Data Breach Report 2022 puts the average cost of a data breach at $4.35 million (US) globally. Further, the reputational impact of data breaches has increased with tougher penalties. Changes in The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increased the maximum penalties for serious or repeated breaches from $2.22 million (AU) to whichever is the greater of $50 million (AU) or three times the value of any benefit obtained through the misuse of information. Cyber resilience can help minimise recovery costs by accelerating time-to-remediation.
  • Enhanced IT Productivity: The ability to improve daily IT operations, including threat response and keeping day-to-day operations running smoothly, is an understated benefit of cyber resilience.
  • Heightened Trust and Competitive Advantage: Cyber resiliency helps improve trust by improving the chances of responding to and surviving a cyberattack, minimising the negative impact on customer relationships. This is why organisations with cyber resilience gain a competitive advantage over companies without it.

The steps an organisation takes to achieve cyber resilience vary according to its range of cyber resources, such as networks, data, workloads, devices, and people, together with the threats those resources are susceptible to. This means the cyber resilience measures implemented should be based on an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers commonly apply when exploiting their victims. A good example is endpoints, which are often used as an access point for attackers to infect an organisation’s entire network or function as a beachhead to laterally move within the network.

According to the Ponemon Institute, 68 per cent of organisations suffered a successful endpoint attack within the last 12 months – a sobering stat that unfortunately suggests security has been eroding in a work-from-anywhere environment, and affirms why Endpoint Resilience must be part of a cyber resilience strategy. This enables security teams to know where their endpoints are, apply deep security control, and take defensive actions on those devices, such as repairing protective security applications if they’re disabled, altered, or compromised.

When implemented properly, cyber resilience is a preventive measure to counteract human error, malicious actions, and decayed, insecure software and protect the entire organisation, covering all available cyber resources.
