The workforce experienced a cataclysmic shift to remote models due to COVID-19. Businesses were forced to digitalise in a matter of days, a process that would have traditionally taken months if not years. With the entire workforce working from home, cyber-attackers saw this as an opportunity to step up their criminal activity and exploit vulnerable employees.
Jonathan Jackson, director, pre-sales APJ at BlackBerry, defines cyber resilience as an organisation's ability to respond to, prepare for and recover from a cyber event, or a cyberattack.
“It helps you to protect against cyber risks that are happening in the world, defend against and minimise the severity of those attacks. Essentially, cyber resilience is about being able to survive a cyberattack and to bounce back from an organisational perspective,” he continued.
Why care about resilience?
Jackson agreed that how organisations work and how people interact with each other to go about their business have changed significantly in the last 18 months. The security landscape has changed as well.
“We see threat actors out there, exploiting vulnerabilities in networks, vulnerabilities with users, vulnerabilities with applications. And because the threat landscape changes so much, we've got to make sure that we've got an approach to a business model, which is flexible to be able to allow for resiliency with regards to cyber events,” he added.
As such, he believed that organisations should care about cyber resilience and that it should be “front of mind” for everybody in this day and age.
Impact of COVID-19 on cyber resilience
A December 2020 survey of 130 HR leaders by Gartner revealed that 90% of respondents plan to allow employees to work remotely at least part of the time, even after the COVID-19 vaccine is widely adopted. Sixty-five per cent of respondents reported that their organization will continue to offer employees flexibility on when they work.
Jackson opined that across markets like Hong Kong, Singapore, Indonesia and Australia, a lot of organisations are still not able to get back to work. Since Q1 of 2020, employees have been allowed and mandated to work from home.
Fast-forward to Q1 2021, while organisations are allowing employees to return to the office premises, expectations are that a hybrid approach to work will remain for an extended period.
“The COVID-19 impact to businesses from a cyber resilience perspective has exposed the attack surface. So, we've seen threat actors pivoting towards vulnerabilities that COVID-19 has caused and some of these are really simple things like having to open Remote Desktop Protocol packets or RDP to the internet.
“This is an easy way for threat actors to gain access to your systems, and to be able to deploy things like ransomware and malware and stuff which we see happening all the time. COVID-19 has caused a significant challenge for organisations, both from an operational perspective, risk as well as cyber,” said Jackson.
Components of cyber resilience
For Jackson, cyber resilience comprises four elements: preparation, prevention, detection and response. He opined that in preparing for cyber resilience, “you are looking at being able to manage, assess and identify all the risks that are in your network, your systems, and those that will be across everything including your people, your data, your assets, and even into your supply chain.”
Preparation involves cyber awareness employee training, strategies around malware and ransomware protection, patch management, and privilege access controls. “Supply chain risk management, asset management, all those sorts of elements need to come together as part of the preparation phase,” he added.
For Jackson, the goal of prevention is to stop a threat in its tracks. “This can be done very effectively with technologies, with artificial intelligence and machine learning models, which can adapt to be able to work out what is known good and what is known bad and stop that from executing in your organisation. So that's the prevention phase,” he expanded.
The detection phase is about being able to do things like active threat hunting and active detection, and understanding what anomalies exist in your organisation. These are things that are a little more complicated, and that organisations struggle with because of a skills shortage in areas like digital forensics, incident response, compromise assessments, and red teaming.
Respond (aka recover) is the way that an organisation needs to deal with all sorts of interruptions, including cyber interruption. It might be an emergency incident, it could be a network outage or it could be a physical or cyberattack.
“It is about making sure you can communicate with your people in times of crisis, to be able to make informed business decisions. This is a crucial part of cyber resilience planning and capability. It is your ability as an organisation to respond and recover to the events as they happen,” added Jackson.
Challenge for CISOs and cyber resilience teams
Gartner acknowledges that security leaders have too many tools. Gartner found, in the 2020 CISO Effectiveness Survey, that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more.
This may lead to what Jackson calls “alert fatigue” – when you have too many tools issuing alerts and status updates.
“Having the ability to be able to prevent things before they happen helps you to reduce those false positives or your SOC team having to sit in front of a monitor all day and try and ascertain what alerts are important and what threats are real.”
“My guidance to organisations would be to look for vendors who can reduce the fatigue for you, can give you deep insight into what's happening on your entire network, as well as through to your supply chain your partners and your customers, not just your employees but everything end to end and make sure that security is front in mind for everything that you use,” he concluded.
Recommendations for cyber resilience
With remote work the new normal, Gartner recommends that organizations:
- Classify use cases by data and transaction risks before technology selection
- Accelerate the migration to cloud-delivered security and modern management infrastructure
- Define new policy and procedures for data protection
Click on the PodChats player and listen to Jackson as he details the challenges that organisations must respond to in building and executing a cyber resilience strategy in the new normal.
- What is cyber resilience?
- Why should enterprises care about cyber resilience?
- Why is enterprise resiliency relevant during and after the COVID-19 pandemic?
- What are the components of cyber resilience?
- Where does cyber resilience fit in an organisation’s strategy to protect customer privacy?
- How does a CIO balance the need to protect customer data and implement enterprise-wide resilience strategies?
- What is your advice to business leaders when it comes to balancing the needs for innovation, resilience and the protection of customer data?
- Selecting the right strategy for the business.
- Where does BlackBerry fit in on an organisation’s cyber resilience strategy?