Cybersecurity threats have always been part of the digital landscape. Organizations of every size and industry and entire nation-states have faced attacks that include infected devices, stolen information, and disrupted systems. But what happens when private organizations are charged with protecting critical infrastructures and with securing the data that runs our most essential resources?
As US President Joe Biden noted in March, the current administration “will continue to use every tool to deter, disrupt, and respond to cyberattacks against critical infrastructure. But the federal government can’t defend against this threat alone. Most of America’s critical infrastructure is owned and operated by the private sector, and critical infrastructure owners and operators must accelerate efforts to lock their digital doors.”
Across the globe, there is an urgent need for both public and private organizations to do more than react, making cyber resilience imperative, regardless of what type of data or resources we are trying to protect. Doing more, in the case of a successful public-private partnership for cybersecurity, starts with collaboration and knowledge sharing.
Traditionally, corporate and government organizations have guarded security intelligence. But this mindset is changing, as evidenced by the Cybersecurity and Infrastructure Security Agency’s (CISA) August 2021 launch of the Joint Cyber Defense Collaborative. Addressing cybersecurity as a shared responsibility can make everyone more aware of emerging threats and help to collectively drive the roadmaps of key security vendors to develop technology to protect, detect, respond to, and recover from potential attacks.
Along with a new mindset of collaboration, industry standards for business continuity and disaster recovery need to adapt to the times. Existing methodologies to determine an organization’s level of resilience, including checklists, maturity models, and self-assessments, are unreliable indicators of recoverability.
Instead, resilience programs with agile capabilities have the muscle memory to maintain availability when risks arise. Resilience programs consider ‘cyber hygiene,’ the practice of regularly performing actions to maintain assets secure, as essential. These organizations consider the ecosystem and know which levers to pull in response. These are additional steps that cyber resilient businesses must take now:
Being proactive about cyber hygiene
Organizations should engage cyber hygiene in advance, not in response. One of the best ways to see a return on security investments is by focusing on core fundamentals such as asset, vulnerability, patch, and privilege management.
Ensuring your organization is building monitoring capabilities that rely on risk indicators to anticipate outages (using tooling), focusing resilience efforts on risk modelling and using AI Ops (Artificial Intelligence for IT Operations) to correlate events and detect anomalies can help you keep a proactive position on cybersecurity.
Doing response and recovery testing
Many incident response plans (IRPs) are based on static compliance and audit activity that won’t accurately reflect a real cyberattack nor effectively respond to one. Designing an IRP and executing recovery testing are often neglected due to a strain on cost, time, and resources; however, their importance cannot be overstated.
Salesforce has identified ten steps companies should take to create their own effective IRP. The Board and executives should have confidence in the recovery – that things will work on a bad day when they have a demonstrated capability proven through complex testing.
Counting on a reliable source of truth
Resilience programs must have a reliable source of truth that all business units align with. Access to centralized and automated data for managing and responding to disruptions, and confidence in this data, can inform and shape decision-making.
Knowing what you have, how updated it is, who has access, what kind, and what they’re doing with those resources forms the foundation of any mature enterprise security program and allows for much faster execution of transformative security programs such as Zero Trust.
Backing up critical data
Data volumes have grown, and IT systems have turned more complex, making it essential that we evolve data recovery methods to match. The traditional approach of manually backing up on-premise servers to off-site storage simply doesn’t suffice.
A new approach to enterprise digital resilience might include cyber vaults for critical system configuration and backup, immutable backups that provide the ability to restore a snapshot in time, and rapid virtualization of client/endpoint to quickly ramp up device access. In contrast, corporate devices are being forensically studied, remediated, and reloaded.
Getting ready for the long haul
Across industries, we have seen just how volatile business can be. Organizations that experience significant downtime or data loss lose customers to competitors, making digital resilience an increasingly competitive advantage.
Ultimately, resilience is a journey with no finish line. For every significant company, resilience needs to be measured, implemented, governed and adhered to in a standardized fashion that leverages automation across an entire ecosystem. By adopting cyber hygiene practices and resilient attributes, companies can significantly reduce risk and build the operational muscle to recover from cybersecurity incidents.
Vikram Rao is Chief Trust Officer, Salesforce
This article was originally published in the World Economic Forum.