Over the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have downsized their workforce, moved servers and networks off-premises, and transferred data to the cloud in favor of automation, but most have maintained the old ways when it comes to thinking about cybersecurity.
But things are finally changing, and the idea of cyber resilience has taken hold as an extension (or enhancement) to traditional business continuity (BC) and disaster recovery (DR) planning.
Digital transformation requires digital resilience
If your organization is hit by a massive cyberattack, how will you keep the company running at the most basic level while your security and technology teams rebuild everything? That question already assumes you have a complete, uncompromised backup and rebuild process in place. Even so, for large companies, rebuilding machines, infrastructure, customer environments, and the rest is time-consuming and expensive.
This is on top of the time and money you’ve likely already invested in mastering traditional BCP/DR. But those same investments can work against you when it comes to being truly cyber resilient.
For example, we’ve all been taught how important it is to back up our data. It started with weekly or even nightly backups; now backups run almost continuously, which means they also capture any malware that has made its way onto your network. Do better, more frequent backups expose you to greater impact? Do you need more sophisticated strategies, such as moving some backups to immutable storage, continuously scanning them with an advanced anti-malware solution, or keeping them in an air-gapped cyber vault?
Beyond backing up the system itself, should you continuously extract the latest orders out-of-band, so that if you suddenly lose everything you still have an alternative way to process them? Do you also back up the authoritative documentation (support model, security model, and so on) that your team needs to rebuild everything to the same fully integrated state?
Or take single sign-on (SSO). What would you do if your SSO were compromised and suddenly no one could log in to anything? Or if you lost access to your automated call center and purchasing system? Hardly any employees are prepared for that, and the more you rely on automation and a single solution, the more you hamper your ability to recover when that solution goes down. No one claims MFA is bad; it’s great. But are you prepared to switch quickly to a reduced login experience if you temporarily lose access to your MFA or SSO provider?
Having virtual desktops is great, but if you lose access to them, you can’t simply ask people to go home and use their personal devices; doing so would expose your organization to compliance and legal risks.
It’s not that these investments are bad. But the more we depend on the technologies we use every day and the security solutions we implement, the more we need true cyber resilience.
Achieving cyber resilience
The first thing organizations should do is recognize that this is a difficult task. There are no easy answers, but given the enormous financial, operational, and reputational risks associated with large-scale cyberattacks, we cannot pretend this is not our reality. Step one is acknowledging that you have a problem.
The second step is to commit to the idea that this is not just an IT, business, or security issue. Implementing the attributes of a cyber-resilient organization requires collaboration across the business. We’ve spent years finding ways to do more with less. When the time comes to rebuild everything, it will be important to have an agreed-upon playbook for the order in which you rebuild your systems and get your business back on track.
The whole business must work together to identify what is essential to keep it running. Of course, when everything is running smoothly, everything looks “critical” to the business, but when faced with a critical security event that requires a rebuild, you can’t rebuild it all at once.
Consider how to maintain command and control among your most critical personnel when you can’t access your primary collaboration platform. Should you maintain a “dark site” for important employee communications? Do you need the ability to bulk-dial your entire company to convey important messages? Do you need separate email and messaging capabilities that are not tied to your primary domain? We have spent years securing the use of and access to SaaS providers with SSO, MFA, and controls such as allowing access only from authorized IPs. Have you treated the loss of those controls as a business risk, and have you planned for it?
If you can’t perform the month-end close, how important is it? Companies need to identify what obligations they must sustain to stay in business, and it usually comes down to product and money movements. Paying creditors, employees, and meeting compliance and regulatory obligations are all important. Where applicable, so is being able to move physical products and handle tangible logistics. What are your critical systems?
Additionally, what processes (usually a combination of technology and business process) are required to keep the company functioning during a recovery? This involves identifying key employees and providing them with secondary machines, or with a thumb drive that boots directly into a secondary operating system, and identifying the identity systems, connection points, provider relationships, and alternatives they will need.
The considerations highlighted in this article are not intended to be comprehensive or to apply equally to all companies. The important part is doing this thought exercise yourself. Work through the scenarios; there will be things you cannot foresee. This exercise goes beyond ticking the traditional BC/DR box and helps put an organization on the path to cyber resilience.