What Is Cyber Resilience?

Cyber resilience refers to an organization’s ability to prevent, detect, respond to, and quickly recover from IT disruptions. These may include security incidents like cyberattacks as well as power outages, natural disasters, equipment failures, human error, and other known and unknown crises or challenges. A cyber-resilient organization will be able to keep information systems and critical infrastructure functioning as much as possible, and get business processes up and running quickly after a cyber incident or disaster. Cyber resilience encompasses a broad range of strategies, technologies, processes, and practices that ensure the organization can maintain a strong security posture and continue to operate despite IT adversity.

Cyber-resilient companies have the ability to:

• Defend against threats and failures that negatively impact the availability of information technology systems or the integrity and confidentiality of information and services.
• Prepare for, respond to, and recover quickly from cyberthreats with minimal disruption to business operations and IT services.
• Adapt to known and unknown threats, challenges, and crises.
• Align practices, protocols, and controls to achieve information security, business continuity, and organizational adaptability.

The National Institute of Standards and Technology (NIST) has outlined four key goals for a cyber resilience framework.

• Anticipate. Cyber-resilient organizations cultivate clarity around the kinds of attacks and threats most likely to damage the organization and prevent business continuity. To mitigate these threats, security teams may focus on practices, protections, and controls such as identity and access management, vulnerability assessment, microsegmentation, pen testing, and security awareness training.
• Withstand. Cyber-resilient organizations understand that they can’t prevent every attack or natural disaster. While still maintaining preventive measures, IT security teams adopt programs and technologies to help detect threats, mitigate attacks quickly, and effectively limit any damage.
• Recover. Organizations must be able to get systems up and running as quickly as possible after an attack or outage.
• Adapt. After each IT threat or challenge, security teams analyze the response, and adjust security programs and IT practices to further enhance cyber resilience.

A superior strategy for cyber resilience enables organizations to:

• Maintain business continuity. Even when cyberattacks are successful, a cyber-resilient organization will be able to minimize downtime, continue to operate business systems, and deliver services to customers.
• Enhance security. Cyber resilience strategies help security teams to identify external and internal threats more quickly and prevent costly data breaches. This includes utilizing threat intelligence about known vulnerabilities and exploitations.
• Increase productivity. By maximizing the availability of IT systems even during threats and outages, cyber resilience strategies ensure that employees have access to the data and systems they need to stay productive.
• Ensure compliance. A superior cyber resilience program will adopt the controls required to comply with a broad range of regulatory frameworks (e.g., PCI DSS v4.0), helping to prevent fines and penalties from noncompliance.
• Avoid financial loss. By preventing threats and recovering quickly from crises, cyber resilience strategies enable organizations to minimize the financial cost of lost productivity, lost business opportunities, lost data, and damage to reputation.
• Improve trust. Organizations that focus on cyber resilience can generate greater trust with customers, partners, vendors, and employees.
• Achieve competitive advantage. Cyber resilience enables organizations to avoid the high costs and distraction of crises and disasters that can get in the way of seizing business opportunities and maintaining a competitive edge.

In cybersecurity today, it’s no longer a question of if an organization will succumb to an attack, but when and how often it will happen. The threat landscape continues to evolve rapidly as threat actors and hackers find new ways to penetrate defenses, exploit weaknesses, and access IT environments to cause disruption or steal data and money. At the same time, IT ecosystems have become increasingly complex and distributed as organizations embrace digital transformation and trends like cloud computing, BYOD, and work-from-anywhere workforces. A strategy of cyber resilience enables security teams to expand their focus from strictly preventing attacks to achieving what really matters: maintaining business operations and IT services no matter what type of threat or adversity they encounter.

Cyber resilience strategies focus on four key areas.

• Cybersecurity. Cybersecurity policies and solutions are essential to a cyber resilience strategy. Security teams may deploy multiple layers of defenses to reduce the organization’s attack surface and to monitor, detect, defend against, and respond to threats and intrusions.
• Business continuity. Business continuity initiatives ensure that the organization can continue to operate and that employees, customers, and partners have access to IT services, data, and systems.
• Risk management. Risk management efforts identify, assess, and control threats to the organization’s IT ecosystem. An effective cyber risk management program helps security teams identify and prioritize the many layers of risk confronting the organization.
• Disaster recovery. Disaster recovery is the set of procedures, policies, and tools that organizations deploy to recover quickly from outages and attacks, and to restore mission-critical functions.

When building a cyber-resilient organization, security teams may choose to adopt a variety of techniques and technologies, including:

• Identity and access management
• Hybrid Active Directory security and management
• Endpoint security
• Backup and disaster recovery
• Intrusion detection and prevention systems
• Encryption for sensitive data at rest and in transit
• Data security solutions that enhance data protection
• Malware protection
• Network security solutions like microsegmentation, antivirus software, and network firewalls
• DNS security solutions, including a DNS firewall
• Web security solutions like a secure web gateway (SWG), web application firewall, and vulnerability scanners
• Optimal cadence for updates and patches
• Physical and environmental security
• Supply chain and third-party risk management programs
• Security awareness training
• Incident response management
• Data leak protection (DLP) solutions
• Security information and event management (SIEM) platforms
• Application and API protection, including API gateway security