
The Importance of Cyber Resiliency

What is Cyber Resilience?

The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents. It’s a broad approach that encompasses both cybersecurity and business continuity management, and it aims to defend against cyber attacks while ensuring that the business is able to survive them.

Cyber resilience includes two primary components. The first is prevention: the ability to continuously discover and monitor every point in your attack surface and to analyze that information to predict likely breach scenarios. The second is a plan for taking appropriate action if and when an attack occurs.

Unfortunately, most businesses fail to develop a plan.

Step 1: Assess the Risks

Before you implement an incident response plan, you’ll first need to assess the risks to which your company is exposed. Risks may include:

  • Strategic – the failure to implement business decisions that align with the organization’s strategic goals;
  • Reputational – negative public opinion;
  • Operational – loss resulting from failed internal processes, people, or systems;
  • Transactional – problems with service or product delivery; and
  • Compliance – violations of laws, rules, or regulations.

To conduct a risk assessment, you’ll need to:

  1. Characterize Your Business – Some questions to ask are: What kind of data do you use? Who uses it? What is the data flow? Where does the information go?
  2. Identify Threats – Common threat types include unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity.
  3. Determine Inherent Risk and Impact – What would be the impact on your organization if the threat were exercised? Would the impact be high, medium, or low?
  4. Analyze the Control Environment – You typically need to look at several categories of information to adequately assess your business’s vulnerabilities. Are your controls satisfactory or do they need improvement? A few examples of controls you might want to look at include:
    • Organizational Risk Management Controls
    • User Provisioning Controls
    • Administration Controls
    • User Authentication Controls
    • Infrastructure Data Protection Controls
    • Data Center Physical and Environmental Security Controls
    • Continuity of Operations Controls
  5. Determine Your Organizational Risk – To do this, you’ll need to weigh how serious each threat is against how vulnerable the relevant controls are. From there, you can rate the risk as severe, elevated, or low.
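Steps 3 to 5 above can be reduced to a small, repeatable worksheet: score each threat's likelihood and impact to get an inherent risk, weigh that against how strong the existing controls are, and rate the result as severe, elevated, or low. The following Python script is an added example and is not code from the original post or from Datto; the three-level scale, the multiplicative scoring, the severe/elevated/low thresholds, and the sample threat register are all assumptions chosen for illustration, not an industry standard.

```python
"""Toy risk-assessment worksheet (added example, not from the original post).

Each threat gets a likelihood, an impact, and a control-strength rating on a
low/medium/high scale. Inherent risk is likelihood x impact; residual risk
additionally multiplies by how exposed the controls leave you (weak controls
multiply by 3, strong controls by 1). The thresholds are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed three-level scale used for likelihood, impact, and control strength.
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: str        # how likely the threat is to be exercised
    impact: str            # effect on the organization if it is exercised
    control_strength: str  # how well current controls mitigate it


def _level(value: str) -> int:
    """Map a low/medium/high label to 1..3, rejecting anything else."""
    try:
        return LEVELS[value.lower()]
    except KeyError:
        raise ValueError(f"unknown level {value!r}; expected one of {list(LEVELS)}")


def inherent_score(threat: Threat) -> int:
    """Step 3: likelihood x impact, before considering controls (1..9)."""
    return _level(threat.likelihood) * _level(threat.impact)


def risk_score(threat: Threat) -> int:
    """Steps 4-5: inherent risk scaled by control weakness (1..27).

    Strong controls (high) leave a factor of 1, weak controls (low) a factor of 3,
    so a poorly controlled threat keeps its full inherent risk and then some.
    """
    exposure = 4 - _level(threat.control_strength)
    return inherent_score(threat) * exposure


def rate(score: int) -> str:
    """Assumed thresholds mapping a 1..27 score to the post's three ratings."""
    if score >= 12:
        return "severe"
    if score >= 4:
        return "elevated"
    return "low"


def assess(threats: list[Threat]) -> list[dict]:
    """Score every threat and return the register sorted worst-first."""
    rows = [
        {"threat": t.name, "score": risk_score(t), "rating": rate(risk_score(t))}
        for t in threats
    ]
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


# Constructed sample register using the threat types named in Step 2.
SAMPLE_THREATS = [
    Threat("unauthorized access", "high", "high", "medium"),
    Threat("data leakage", "medium", "high", "high"),
    Threat("loss of data", "low", "high", "high"),
    Threat("disruption of service", "medium", "medium", "low"),
    Threat("misuse of information", "low", "medium", "medium"),
]


def main() -> None:
    for row in assess(SAMPLE_THREATS):
        print(f"{row['threat']:<24} score={row['score']:>2}  rating={row['rating']}")


if __name__ == "__main__":
    main()
```

Running the script prints the register ordered by residual risk, which is the order in which the incident response plan should prioritize preparation. Note that "disruption of service" outranks "data leakage" even though its inherent risk is lower, because its controls are rated weak; that is the point of Step 4, and it is why the scoring must not stop at likelihood and impact alone.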

Risk assessments are a fundamental part of running your business, and they should be repeated regularly rather than treated as a one-time exercise. Once you’ve completed your first risk assessment, you can implement an incident response plan.

Step 2: Develop the Incident Response Plan

An incident response plan identifies the actions that should be taken when a data incident occurs. Its aim is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate the vulnerabilities that were exploited.

The SANS Institute’s Incident Handler’s Handbook defines a six-step incident response plan:

  1. Preparation: This step involves creating an incident response team and outlining their roles and responsibilities. You’ll need to develop policies to implement in the event of a cyber attack, as well as a communication plan.
  2. Identification: Decide what criteria call the team into action, such as a phishing attack. Start to assess the incident and gather evidence.
  3. Containment: Once your team isolates a security incident, the aim is to mitigate the damage. This includes short-term containment, such as taking affected production servers offline; a system backup, so that evidence is preserved before anything is changed; and long-term containment, such as installing security patches on affected systems.
  4. Eradication: Remove the threat and restore systems to their clean, initial state. This step also includes checking whether the attacker reacted to your actions and anticipating a different type of attack.
  5. Recovery: Ensure that affected systems are no longer in danger and can be restored to working condition. Monitor the network and systems to ensure that another incident doesn’t occur.
  6. Lessons Learned: Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.

Following these steps can prepare your organization for a security incident and ensure that you’re taking appropriate measures.


Blog Provided Courtesy of Datto
