What is Cyber Resilience? (Part 1 of a 3 Part Series)

“Cyber Resilience” has gained significant traction in the ever-evolving cybersecurity landscape. Cybersecurity vendors and professionals frequently use this term, but its meaning can vary greatly depending on an organization’s perspective. Let’s delve into cyber resilience and how it differs from traditional cybersecurity concepts.

What is Cyber Resilience?

Here’s how some industry leaders define the term:

NIST (National Institute of Standards and Technology): Cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

Cisco: Cyber resilience refers to an organization’s ability to identify, respond, and recover swiftly from an IT security incident. Building cyber resilience includes making a risk-focused plan that assumes the business will face a breach or an attack at some point.

IBM: Cyber resilience is an organization’s ability to prevent, withstand, and recover from cybersecurity incidents.

Additionally, frameworks like the US Department of Homeland Security’s Cyber Resilience Review and Symantec’s Cyber Resilience Blueprint have formalized the concept, introducing structured approaches to achieving resilience. 

When we read through these, we see many terms that remind us of cybersecurity concepts that have been around for a while, such as business continuity.

Cyber attacks are traditionally considered to be a threat to business continuity, and resilience is often positioned as a component of business continuity management.

So, is cyber resilience simply a term that describes business continuity against cyber threats?

Another example is “identify,” “respond,” and “recover” as mentioned in the NIST / Cisco / IBM definitions and The Symantec Pillars. These same terms, however, are often steps in incident response frameworks. 

Does this mean that cyber resilience is simply a mature incident response capability for all types of cybersecurity incidents?

The point is that many definitions of cyber resilience can be too broad or similar to existing terms that promote very similar concepts. It can be difficult to draw out a unique meaning from this term to drive cybersecurity strategies without more specific details.


Microsoft’s Definition

Mark Simos from the Enterprise Cybersecurity Group at Microsoft had an interesting take on cyber resilience that he shares in Differentiating Between Cyber Security and Cyber Resilience. In this video, he details four concepts that are very practical when considering cyber resilience as a strategy.

Cyber Resilience as a Strategy

Start with the right mindset: “You have to accept that sometimes the attackers will succeed, and you have to be ready for it.”

Have the technical foundation that helps support it: Mark emphasizes cloud technology and the advantages of being able to run potential scenarios through millions of data points and identify risk. Although cloud technology is highlighted here, adopting modern technologies in cybersecurity gives your organization an advantage.

Cyber Hygiene: What we like here is that, later on, Microsoft uses a better term that resonates. Mark explained, “you want to make it expensive to attack you.” How do you do that? By practicing good cybersecurity hygiene. This can include patching vulnerabilities, configuring secure architectures, configuring properly working security controls, etc. Hardening your organization makes it very expensive for attackers to spend the resources needed to actually breach you. As a result, they may move on to similar targets whose cyber hygiene is not as good and that might be “cheap to attack.”

  How fast can you kick them out: “Mean Time To Remediation” as a metric essentially measures “how fast can you kick them out when they get in.” So having speedy and effective detection and response capabilities is the fourth concept emphasized in this role.

These concepts align with Proficio’s cybersecurity strategies.   Stay tuned for our next article on Cyber Resilience.


 

Bryan Borra, Vice President, Product and Content Management, Proficio

Bryan is responsible for leading Proficio’s product roadmap and managing our threat detection engineers. He specializes in SIEM content engineering, network intrusion analysis, operational use case development, and threat intelligence.

 

 
