With the digital development and cyberattacks increasing, it becomes more and more important that all of society works with cyber resilience. But what is the difference between cyber resilience and cybersecurity? And what is needed in a cyber resilience strategy? In this blog post, we give you the answers!
How does cyber resilience differ from cybersecurity?
Cybersecurity primarily focuses on preventing, detecting, and mitigating cyber threats and attacks. It is a proactive approach aimed at protecting an organisation’s digital assets and data from unauthorised access, breaches, and damage. The main goal of cybersecurity is to create a robust defence mechanism to reduce the likelihood of cyber incidents and protect against known threats.
Cyber resilience, on the other hand, is a broader concept that encompasses not only the prevention of cyber incidents but also the ability to adapt, recover, and continue operations in the face of cyber disruptions or incidents. It acknowledges that no defence is perfect, and that incidents can still occur despite the best cybersecurity measures. The primary goal of cyber resilience is to ensure that an organisation can continue its critical operations, even when faced with cyber disruptions, minimising the impact on its overall business objectives.
What are the key components of a cyber resilience strategy?
A cyber resilience strategy involves a comprehensive approach to preparing for and responding to cyber threats and incidents. Here are some of the key components that make up a robust cyber resilience strategy.
Risk Assessment: Understanding the organisation’s unique cyber risks is the foundation of a cyber resilience strategy. This includes identifying critical assets, vulnerabilities, and potential threats. Conducting a risk assessment helps prioritise where to allocate resources for protection and recovery.
If you want to read more about risk analysis, you can read our know-how!
Incident response plan: An incident response plan outlines the procedures and actions to be taken in the event of a cyber incident. It should include clear roles and responsibilities, communication plans, and steps for containing, mitigating, and eliminating the threat.
Business Continuity Plan (BCP): A business continuity plan focuses on maintaining essential business operations during and after a cyber incident. It includes strategies for keeping critical functions operational, even if certain systems or data are compromised.
Disaster Recovery Plan (DRP): A disaster recovery plan outlines the steps to restore IT systems and data to their normal functioning state after a cyber incident. This includes data backups, system recovery procedures, and alternative infrastructure arrangements.
Employee training and awareness: Employees play a crucial role in cyber resilience. Training programs and awareness campaigns help staff recognise threats like phishing and understand their responsibilities in protecting the organisation’s digital assets.
Read more about security culture!
Continuous monitoring and threat intelligence: Proactive monitoring of the network and systems can help identify suspicious activities or vulnerabilities. Threat intelligence tools provide information on emerging threats, helping organisations stay one step ahead of attackers.
Supplier and third-party risk management: Organisations should assess and manage the cyber risks associated with third-party vendors, partners, and suppliers, as their vulnerabilities can impact your own resilience.
Executive and board involvement: Ensure that senior management and the board of directors are actively involved in and aware of the organisation’s cyber resilience strategy. They should provide oversight and support.
How to build your resilience
In a publication by ENISA (The EU Agency for Cybersecurity) and CERT-EU (the CERT of all the EU institutions, bodies and agencies), they have stressed the urgency of following some important points that are needed for strengthening your cyber resilience. There are some of these that can be fulfilled by using sufficient cybersecurity products and that are vital points in building a strong cyber resilience:
- Ensure that all software is up to date
- Employ appropriate network segmentation
Ensure that all software is up to date – and securely updated
One of the easiest ways to protect yourself is to update all software, and especially if they are security updates addressing known vulnerabilities. This need is due to the fact that in complex software, it is almost impossible to avoid errors and bugs which should be corrected quickly when found to ensure stability and security of the systems. In addition to correcting bugs, the manufacturers behind operating systems, firmware and applications drive a functional growth, which means that the systems gradually become obsolete and hard to maintain if they are not updated.
However, it is important to make sure that the updates themselves do not pose a security risk as an update means that information is imported or added to the system, and this can lead to unwanted malware entering the system. The integrity and availability of the systems must be maintained, and many system updates are usually not sufficiently screened or evaluated in the environment in which they are used or in combination with the applications running. To avoid the risks and to maintain the integrity and availability of the systems, and at the same time enable secure updates, special solutions are needed.
One solution is to use a data diode that ensures unidirectional communication. The data diode is connected in a way that secures that information can be imported into the system, but since no traffic can be transferred in the opposite direction, information leakage is hindered.
Another solution to further ensure that the update has not been manipulated, the import of update packages can be conducted using file sanitation consisting of two data diodes and a server for antivirus scanning, such as Advenica’s File Security Screener. The file sanitation conducts an independent control making sure that the update is valid. However, even in this case it is best to let the receiving update server verify the signature and thereby get another control of the accuracy of the update.
Learn more about how to conduct secure updates in our solution description!
Employ appropriate network segmentation
To protect your sensitive systems and information you need to use network segmentation. Network segmentation reduces the risk and limits the damage of a cyberattack. Without it, there is a risk that sensitive information can leak or be manipulated, and that malware and ransomware can spread uncontrollably and quickly. Attackers do not normally take the direct path to the target, such as electricity distribution. Instead, they worm their way in via weak points far out in the architecture, via email or customer service, to reach their goal. State-funded attackers are also equipped with patience, prepared to work long-term doing everything in small steps, and are unfortunately often one step ahead. The harsh reality is that industrial control systems may have been attacked without anyone noticing.
Segmenting network environments can be a very complex task including many different competencies and can have a major impact on ongoing operations. The complexity depends on aspects such as how big the environment is, what the current situation looks like, budget, what staff is available and the will of the management.
Here are five steps that you can use as a starting point when you start planning your segmentation project:
- Create a zone model
- Define what should be segmented
- Perform a security analysis of included systems
- Arrange the systems according to the zone model
- Implement, test and put into operation
Learn more about network segmentation in our know-how!
Do you want to know more about how we can help you build your cyber resilience? Read more about how we can protect you!