What is cyber resilience?
Cyber resilience is an organization’s ability to prevent, withstand and recover from incidents that use or are enabled by IT resources. These incidents are not limited to deliberate attacks; they can also result from non-malicious events like errors by IT admins, power outages and equipment failures, all of which could lead to IT system disruptions or downtime that affect business processes.
The goal of cyber resilient is simple: To enable the organization to continuously deliver on its objectives or mission by keeping the IT environment up and running as much as possible — and getting it back up and running quickly when a disruption does occur.
A practical approach to cyber resiliency
5 Steps to Battle Endpoint Cybercrime with KACE
Be Prepared for Ransomware Attacks with Active Directory Disaster Recovery Planning
Benefits of cyber resilience
Reduced risk of costly breaches
Increased user productivity
Fewer fines and penalties
Stronger customer satisfaction and loyalty
What are the 4 pillars of cyber resilience?
There are 4 key pillars to cyber resilience:
Anticipate
Organizations need to anticipate many types of adversity, including:
- Cyberattacks like ransomware, denial-of-service (DoS) attacks and advanced persistent threats (APTs)
- Social-engineering attacks like phishing and spear-phishing
- Natural disasters such as flooding or earthquakes
- Structural failures like power outages
- Stresses such as unexpectedly high loads on systems
- Harmful activity, whether malicious or accidental, by legitimate users, especially around critical information systems or confidential data
Withstand
Organizations also need to take steps to ensure that essential functions can continue in the face of adversity. This requires identifying those essential functions, along with all supporting processes, systems, services and infrastructure. Then take steps to minimize the risk of those functions being disrupted by the types of adversity you identified.
Recover
It’s also important to be able to restore essential functions during and after adversity. Be sure to prioritize your recovery operations and consider using a phased approach. For example, by restoring your most important Active Directory domain controllers, you can quickly get the business up and limping, if not running at full speed. Keep in mind that you need to be able to trust that restoring a systems will not also restore the threat, such malicious software like Trojans or a backdoor for cybercriminals to regain access to your information systems.
Adapt
Cyber resilience is not a once-and-done event; it’s a never-ending
process. Because your business needs, your IT ecosystem and the cyber threat
landscape do not stand still, you need to regularly assess your inventory of
critical business functions and their supporting capabilities, as well as your
mitigation, response and restoration strategies.
What is the difference between cybersecurity and cyber resilience?
Cybersecurity, as the word indicates, is focused on security: protecting IT systems and data from being compromised. This is a vital component of cyber resilience, but cyber resilience is broader: It is focused on preventing or quickly reverting disruption to IT operations.
A computer system could have strong cybersecurity without being cyber resilient. For example, a single desktop that is not connected to the internet and that is protected by multifactor authentication (MFA) has strong cybersecurity. However, if it can be wiped out by a tornado or a piece of malware introduced via a USB device, it is not cyber resilient.
In short, cyber resilience involves cybersecurity but its focus is on agility and business continuity.What are the 5 key components of a cyber resilience strategy?
A strong cyber resilience strategy involves all of the following key components:
Identity governance and administration
Identity governance and administration is at the center of a robust cyber resilience strategy. By ensuring that only the right people get the right access to the right resources at the right time, you can dramatically reduce your risk of suffering a cyber incident. Ensure you can grant access rights by defined roles, rules and security policies, and that business owners can easily perform regular access certification.
Privileged access management
Hackers target privileged accounts for good reason — they provide access to sensitive information and control over vital systems. To thwart malicious activity, you need to closely govern and monitor privileged access. Look for capabilities such as granular delegation of administrative access, a password vault to secure privileged credentials, and security threat analytics over recordings of privileged sessions.
Hybrid Active Directory security and management
It’s simple: If your Active Directory is down, your business is down. Therefore, it’s vital to be able to defend against, detect and recover from cyber incidents that affect your AD. Make sure you can prevent attackers from changing your critical groups or GPO settings; identify and mitigate attack paths that they could use to seize control of your domain; detect and respond to indicators of compromise (IOCs); and be prepared to quickly restore your AD domain or forest.
Unified endpoint management
Many cyber incidents begin on endpoints. Accordingly, it’s vital to know exactly what endpoints you have and manage, secure and patch them effectively. In addition, you need continuous auditing and intelligent alerting on suspicious activity so you can respond promptly to cyberthreats.
Backup and disaster recovery
Not all cyber incidents can be prevented, so it’s essential to have a
comprehensive backup and
recovery plan that accelerates disaster recovery across your on-prem,
cloud or hybrid environment. Be sure that the solution you choose offers
secure storage of backups out of the reach of attackers, flexible recovery
options, and safeguards against malicious code reinfecting your systems upon
restoration from backup.
Where can I get help with improving my organization’s cyber resilience?
Quest offers an identity-centered, defense-in-depth approach to cyber resilience. Our comprehensive suite of cyber resilience solutions cover all 5 key components detailed above: