Monday 21 August 2023

by Philip Ingram MBE, International Security Expo & International Cyber Expo Head of Content


Our digital landscape is rapidly evolving, cyber threats are growing in scale and complexity, and no organisation is immune to these threats. Cyber-attacks, particularly ransomware attacks, have been on the rise, with a staggering 66% increase in attacks on organisations in the past year alone. As a result, it has become crucial for businesses to prioritise cyber resilience and take proactive measures to minimise the impact of such attacks.

While there is no failproof solution that completely eliminates the cyber threat, there are steps that every business can take to enhance its cyber resilience. There are also lots of different frameworks out there and most are as good as each other; this article does not follow one framework but brings elements of many together to get you thinking about resilience.

Identify and protect your most valuable data.

In military planning terms this is known as protecting your vital ground. In data terms, vital ground is the data so essential to the business that its loss or compromise would lead to the business falling apart. The first step towards cyber resilience is to build a real-time inventory of your organisation’s most valuable data, ensure its protection and, in the process, properly identify your vital ground, making sure that element of your business’s data is truly secure. It is surprising just how many business leaders can’t identify their vital ground!

Many organisations store a vast amount of data in cloud services and Software as a Service (SaaS) applications. Data protection standards can be very variable, so it is critical to remember that it’s your data and you are responsible for it. Part of that responsibility is ensuring the security standards meet your needs and the regulatory environment you operate in.

On the path to securing your vital ground you need to identify your key terrain: those areas that have a direct influence on your vital ground. To protect your data effectively, this could mean implementing data protection measures for both cloud services and endpoints. Endpoints, such as user devices, are critical entry points for ransomware attacks. Implement robust security measures, such as encryption, access controls, multi-factor authentication (MFA) and regular data backups, to minimise the impact of a potential attack.

Ensure your backup regime is fit for purpose.

Your organisation’s backup system plays a vital role in mitigating the impact of cyber-attacks. It is essential to evaluate your existing backup system and ensure it meets the necessary requirements for cyber resilience. Look for features like unmodifiable, truly immutable backups, deletion prevention, and breach-resistant architecture. If your current backup system lacks these capabilities, it may be time to consider alternative solutions.

To further enhance your cyber resilience, it is crucial to segregate the backup system from the primary environment. Use separate passwords, access controls, monitoring, and air-gapping to minimise the risk of an attack affecting both systems. This separation will provide an additional layer of protection, ensuring that your backups remain intact even if your primary environment is compromised. That separation need not be only a physical separation of systems; you may also wish to consider additional controls over who can access the backup systems. People are an important element of any network.

Have a true zero-trust security posture.

Zero trust security is a mindset that assumes no user or device should be trusted by default. Adopting a zero-trust approach helps organisations build a more resilient and responsive security infrastructure. However, many security teams struggle to understand and implement zero trust principles within their organisations.

At a minimum, your organisation should already be implementing single sign-on (SSO) and multi-factor authentication (MFA) to enhance security. Regularly assess your MFA coverage and choose strong second factors that are resilient to phishing and other attack methods; remember nothing is completely safe from a determined attacker.

Educate your employees about the importance of zero trust and provide training on best practices for implementing it within your organisation. Remember that, with the move to greater hybrid working and use of mobile devices, the threat landscape has changed dramatically and therefore an understanding of zero trust must change with it. If your threat analysis is based purely on network activity and no analysis is done on mobile devices, how do you know you understand what is potentially attacking your data?

Focus on cybersecurity awareness and culture.

One of the weakest links in an organisation’s cyber defence is its employees. Cybercriminals often exploit human vulnerabilities through phishing attacks and social engineering techniques. While security training programs are essential, they may not be sufficient to ensure a 100% cyber-aware workforce.

To strengthen your organisational cybersecurity awareness, consider implementing intelligence-driven training programs. These programs can identify areas where employees need to improve their cybersecurity hygiene and provide targeted training to address those gaps. By continuously educating and empowering your employees, you can significantly reduce the risk of successful cyber-attacks.

However, there is no point in improving awareness if the culture is wrong, so ensuring a cyber-positive, blame-free reporting culture is as critical to protecting your organisation as anything else. We have all accidentally clicked on something we shouldn’t.

Plan and test your responses.

Preparing for cyber-attacks is not just about preventing them; it is also about responding to them effectively. A robust incident response plan is crucial for minimising the impact of an attack and recovering quickly. However, many organisations fail to regularly review and update their incident response plans.

Dust off your incident response playbook and ensure it is up to date. Include predefined steps that involve multiple teams, such as IT, PR/Comms, legal, and customer support. Regularly run simulated scenarios to test the efficacy of your plan and identify any areas that need improvement. This testing will also provide an opportunity to assess how different teams collaborate and identify areas that require coordination and adjustment.

The one thing that will potentially cause the longest-term effect is the reputational damage caused by an incident, so you should regularly test your comms processes to ensure they are proactive and not reactive, and that goes back to culture. Empower proactivity and initiative.

Some additional pointers:

The rapidly evolving cybersecurity landscape requires businesses to stay informed about the latest threats and trends. From researching this article, the following additional tips to further enhance an organisation’s cyber resilience became clear:

  • Regularly update your software and systems to patch any vulnerabilities that could be exploited by cybercriminals.
  • Implement network segmentation to isolate critical systems and prevent lateral movement in case of a breach.
  • Conduct regular vulnerability assessments and penetration testing to identify and address potential weaknesses in your infrastructure.
  • Establish incident communication protocols to ensure clear and efficient communication during a cyber-attack.
  • Stay informed about emerging cyber threats and share relevant information with your employees to keep them vigilant and prepared.

Cyber resilience is an ongoing process that requires continuous monitoring, evaluation, and improvement. By prioritising cyber resilience and implementing these measures, you can reduce an organisation’s overall risk exposure and enhance cyber resilience.
 


Want to learn more about digital and cyber resilience? Come along to the International Security Expo, which is taking place 26-27 September 2023 at Olympia London, where Resilience First has curated the programme for the Risk and Resilience Conference.


Philip Ingram MBE BSc MA is a journalist specialising in the cyber, security, counter terror, defence and intelligence arenas. His knowledge is built from a long and senior military career as an intelligence and security officer, a strategic planner (who has helped take over a couple of countries or regions) with business experience at board level in the steel industry and now media industry; he maintains a close interest in global events.  Philip runs his own media company, Grey Hare Media, and specialises in delivering informed content.