Authored by Samuel Fitzgerald, ITIL, CISA, CISM | Manager, Risk Management
To keep up with the new remote working environment, businesses were forced to quickly pivot and perform accelerated business transformations. Through this rapid movement and major change in how businesses operate, new risks were introduced as technologies may not have undergone adequate research and testing at the same rate as a typical technology solution in a non-pandemic environment.
In March 2020, during the same time new technologies were introduced to allow for remote operations, remote desktop protocol (RDP) attacks substantially increased. According to Kaspersky, the number of brute-force RDP attacks increased from 93,102,836 worldwide in February 2020 to 277,446,801 in March 2020. This is a 197% increase in a one-month time period. A year later in February 2021, the number of RDP attacks totaled 377,525,343.
To combat these attacks, cybersecurity and cyber resilience techniques should be implemented, tested, and revised to stay one step ahead of threat actors.
What is Cybersecurity and Cyber Resilience?
Both cybersecurity and cyber resilience play a role in keeping a business operating as usual.
- Cybersecurity refers to the processes and technologies in place designed to prevent damage, protect and restore computers, electronic communications, and wire communications, and to ensure data availability, integrity, authenticity, confidentiality, and nonrepudiation.
- Cyber resilience refers to the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
In practical terms, cybersecurity helps prevent or reduce the chance of a successful cyber-attack while cyber resilience helps minimize the impact of a successful cyber-attack.
Why Should You Focus on Both Cybersecurity and Cyber Resilience?
Organizations can think of cybersecurity as the frontline defense against cyber-attacks. It involves implementing strategies and technologies such as:
- Training employees on a periodic basis against threat actors, both existing and emerging, and appropriate responses
- Ensuring technologies have the appropriate secured baseline configurations
- Ensuring internal and external networks are secured and protected by employing appropriate and effective polices and architectural designs
- Monitoring information and network systems continuously to detect cyber-attacks
- Verifying malware and anti-virus definitions are consistently updated for all technologies
- Implementing policies to control access and performing scans on removable media
- Managing user access to systems by providing the least amount of privileges necessary for the user to perform their job responsibilities
In the event of a successful cyber-attack, a mature cyber resilience program will help keep businesses operating while minimizing business disruptions. Cyber resilience involves strategies such as:
- Implementing a business continuity plan (BCP)
- Implementing a cyber-incident response plan such as a disaster recovery plan (DRP)
- Adopting security processes that embed cyber resilience into each employee’s day-to-day responsibilities
- Adopting agile processes that will allow an organization to change standard operations to focus on resolving cyber-attacks while minimizing the impact to normal business operations
How Can You Implement a Cybersecurity and Cyber Resilience Program?
While cybersecurity and cyber resilience should not be used interchangeably, plans should be created and integrated to address both. There are a few key steps involved in implementing these strategies including:
- Performing a risk assessment: Identifying risks within each of your core processes. Then, ranking those risks to determine the potential likelihood and impact that processes may have on the organization if they were to be compromised
- Identifying controls in place: Determine what controls are in place to help minimize the risk to business data, critical systems, and business processes
- Testing controls for the appropriate design and operating effectiveness: Determining if the controls in place complete their objectives as designed and if the controls are operating as expected
- Implementing corrective actions: After testing the controls, identifying the corrective actions that will correct the control shortcomings, or deficiencies
Threat actors know that as technology continues to advance, so does organizational reliance on technologies. It is up to each organization to perform their due diligence to help minimize the success of their attacks. Implementing and maturing your cybersecurity and cyber resilience are key steps in the right direction.