18 December, 2023

Building Cyber Resilience

It is a stage of complex and large scale cyber threats when the cyber resilience takes on a significant importance for business enterprises. Compared to standard cybersecurity, cyber resilient entails forecast and counteract effects that can be generated by such threats.

Many modern cyber attacks are outside most standard cyber-security frameworks. A recent NIST study showed that most the current cyberstrategies focus more on identity, protection, and detection with little attention on the response and recovery processes. It is also an imbalance that leaves these organizations vulnerable to failure as they make efforts to meet regulatory laws like, the US Securities and Exchange Commission requirement to comply with them.

We are unfortunately faced with a cyber defense speed inadequate for the increased speed of evolution experienced by modern cyber criminals. For example, like our bodies can be inoculated with vaccines against some of the known and unknown diseases, organizations can develop a kind of immune system that allows facing some of the well-recognized and new enemies on the Internet.

A robust cyber resilience strategy operates on four key time scales: anticipation, absorption, responsiveness, and shaping. These stages are underpinned by seven adaptive design principles: For example, Prudence, Redundancy, Diversity, and Modularity or embeddedness, Adaptation, Re-Imagining and so on.

Anticipation intends to prepare a given organization for any probable cyber-threat. Such actions would include conducting general education and drills at different organizational levels including for its IT department.

Absorption refers to the organization’s ability quickly absorb the shock of the breach. Such magnitudes of a breach are curbed through redundant systems and processes as well as different technology and operations.

Responsiveness relates to recovery measures after a successful attack on an organization. This entails prompt responses that embrace learning and subsequent scaling up of the victorious actions taken to counter the break-in.

Post-breach, in the shaping phase, institutions adopt a strategy towards better resilience and shape based on lessons learned. It includes identifying causes of problems that occurred, factors that can lead to other difficulties, and altering enterprise activities to be resilient towards the emerging threats.

It’s also important to mention that cyber resilience is more than just strong IT infrastructure. Instead, there should be a “resilience culture” within every branch of the company. This necessitates a move from mainly protection orientation to a comprehensive approach that embraces equitable resilience. However, the managed, measured and biologically inspired philosophy of cyber resilience enables companies to secure themselves against attacks while outsmarting their competitors and enemies.