Cyber resilience: a five-point plan

by Ryan LaSalle, managing director of growth and strategy and cyber defence lead at Accenture Security for the Telegraph

What can businesses do to gain ground on the cyberattacker and maintain cybersecurity?

Recent investment in cyber resilience has led to improved performance, as security teams successfully defend against increasing numbers of cyberattacks, which have doubled in the past year. That is good news, but there is no time to stand still – more work needs to be done on the security foundation as well as defending against new and emerging threats.

With so much of our lives and businesses today being conducted online, the risk of cybercrime is growing. Organisations seeking to employ new business models, build extended ecosystems and adopt more flexible workforce arrangements expose themselves to new risks as they evolve.

Here are five ways to maintain cyber resilience:

Be brilliant at the basics

A benefit of the recently introduced GDPR regulations is that organisations are now regulated around what data they hold on others. More often than not, that includes 30-50pc more data than is ever going to be useful.

Businesses should view that excess as exposure – using it as an opportunity to review the data gathering processes and the data utility to reduce the risk of over-collection. Business leaders need a detailed knowledge of their core data assets, where they are, and how secure they are.

With that complete, business leaders should ensure that when a breach occurs, their organisation’s data is stored and secured in a way that offers the greatest frustration to would-be attackers. Security programmes should be designed with cyberattacks in mind, and any old applications, systems and procedures that do not stand up to real-world testing need to be more closely monitored until replaced.

Plan for the worst, and you are best prepared.

Test like an attacker

Your method of testing your security should simulate the most likely attacks in a realistic environment. Complex threats call for complex measures, and testing the way your company would react to a genuine threat is the best practice.

And practise you should. Enhance both red attack and blue defence teams with player-coaches that use threat intelligence and communicate closely with each other to analyse where improvements need to be made.

Employ advanced technologies

Automated attacks, like distributed denial-of-service (DDoS), attempt to overload systems with traffic. So, if criminals have been using automation for years to conduct attacks at high speed and huge scale, it stands to reason that security professionals should automate their defences, too.

Here, critical technologies, such as artificial intelligence, big data analytics and machine learning, enable security teams to react and respond in nanoseconds or milliseconds. Automated orchestration capabilities can protect networks the moment a threat is detected, and advanced behavioural analytics and identity access management can bring new levels of protection into critical transactions, automatically.

Be the hunter

Organisations must develop strategic and tactical threat intelligence to foresee the threats most likely to affect them. That means monitoring for anomalous and suspicious activity, outside and inside their networks. The activity may be strategic, such as a high-level notification of mounting campaigns targeting your industry, or tactical, such as a machine indicator of compromise that can sound early alarms.

With that in hand, proactive organisations seek out evidence of compromise to lessen the impact and thwart the attacker. By becoming more proactive, you can adopt a “find them before they find you” approach to attackers.

Evolve the role of CISO

Higher levels of involvement in cybersecurity from the CEO and board place new demands on the chief information security officer (CISO) today. CISOs need to adapt their role to serve as senior executives with the ear of the CEO. To fulfil this new role, CISOs will become security interpreters to the board and the executive board, explaining growing cyber threats, key risks to strategic programmes and the investments and innovation needed to combat them going forward, in a vernacular everyone understands.

To do that effectively, today’s CISO needs to operate in a leveraged model, influencing a “security first” culture from the top of the business down. Business leaders need support to understand the cyber risk for which they are accountable and, in partnership with the CISO, what key actions they can take to become cyber resilient.

The pressure on security teams will continue to build as larger numbers of more dangerous threats emerge in the future. Progress has been good – if organisations continue current levels of improvement in cybersecurity, within three years they could achieve a sustainable level of cyber resilience, where security becomes “business as usual.” But the enemy is being kept at bay rather than eliminated – there is still some way to go to be cyber resilient.