Prevent all cyber threats and incidents is simply impossible – as disappointing as it may seem.
As every organization has to deal with the fact that the threat is ever-present and we have to live with it, cyber resilience is key, in order to focus on building an organization’s capacity to withstand, respond to, and recover from disruptions while maintaining essential functions and services.
Governance and leadership
Establishing strong governance structures, policies, and leadership commitment to cybersecurity includes clear roles and responsibilities, risk management processes, and support from top management.
It’s important to remember that cyber culture has to come from the top! Decision-makers must show a willingness to take the subject in hand, or to entrust it to others, but in any case it needs to be prioritized. In fact, it’s not at the time of a crisis that security needs to be addressed, but rather on an ongoing basis, involving all teams.
In this sense, compliance with legal and regulatory obligations also has a role to play in guaranteeing an optimum level of upstream and downstream safety (NIS2, RGPD compliance…).
To this end, it’s important to perform regular security audits to assess risks and identify vulnerabilities that attackers could try to exploit, with a view to prioritizing the work to be carried out by our technical and security teams.
Collaboration and communication
Establishing effective communication channels and collaboration mechanisms both internally and externally is essential for cyber resilience. This involves coordination among different departments within the organization, as well as sharing threat intelligence and best practices with external partners and industry peers.
A collective drive helps to stay aware about emerging threats and how to cope with them. Also, breaking down internal silos to ease communication between security teams and other departments ensures a better and faster response in the event of a security incident.
In terms of external communication, collaboration and communication are also key to ensure a fast, coherent and transparent response for customers, press, investors, etc. in the event of an attack or security incident. Any in-house stakeholder needs to be able to identify which resource people to call on, which validation circuits information needs to follow, on which channels it has to be shared…
Employee training and awareness
Human factor is crucial in preventing social engineering attacks and maintaining overall cyber resilience. This is the reason why educating employees about cybersecurity best practices and creating a security-aware culture within the organization. Indeed, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause according to a study by Thales in 2023.
Continuous learning and certification programs are crucial to ensure that security teams are preparaed to cope with the changing threat landscape: techniques, tactics, attacker groups, but also tools and solutions available to deal with them.
To maintain the level of awareness and vigilance, plan regular cybersecurity training sessions about threat landscape, phishing simulations… Cybersecurity is a rich and fascinating subject that you can correlate to a huge number of fields, from high tech to geopolitics – you’re bound to find angles that will speak volumes to your teams, whatever their expertise and sensibility.
Adaptability and learning
Organizations need to prepare to and also learn from incidents, update policies and procedures, and enhance security posture over time. In other words: continuously assess and adapt cybersecurity measures based on the evolving threat landscape – which involves a constant monitoring about context and new threats.
To do so, you need to be ready deploy incident response plan in the event of an attack. And in order to be ready, tabletop exercises on a regular basis will ensure processes relevance, and also that every stakeholder involved in crisis management is aware of their roles and responsibilities. This agility is key to dealing with an attack by making the right decisions at the right time for the fastest possible recovery, while learning from the incident to harden protection.
Recovery and continuity planning
Plan and implement strategies for recovering from cyber incidents and maintaining business continuity. This includes having robust backup and recovery processes, as well as plans for restoring critical systems and data – data that needs to be stored in an isolated and a secure environment.
Of course, making plans is all well and good, but you also need to test them regularly, with a view to identifying the key services and tools that need to be restarted first in the event of an incident, those that may be cut off, anticipating the interactions that may be interrupted and the consequences for the ability to communicate to manage a crisis effectively (which we’ll look at a little later).
This approach is essential in order to get your Information System and business back up and running as quickly as possible in the event of an attack. This is facilitated by IT monitoring features, and the ability of tools such as EDRs to collect and aggregate data related to the activity of an IT fleet.
Prevention and protection
Enforcing the protection of your infrastructure is essential to reduce the risks of intrusion, spying, data theft or ransom demand. Implement tools to prevent and protect against cyber threats, such as EDR, next-gen antivirus, IT monitoring tools, firewall… but also measures such as multi-factor authentication (MFA), Zero-trust approach…
You also need to keep all your solutions (softwares, applications, operation systems…) up to date to avoid vulnerabilites. This sounds like an old song, but these vulnerabilities remain an entry point for attackers, who will not hesitate to exploit them to their advantage. Use vulnerability scan and pentest to detect them, and automate updates to save time and reduce breaches.
All these prevention and protection actions must be applied by suppliers and third-party vendors as well: check that they comply with best practices and security rules, so that they do not represent an entry point to your Information System.
Also, to be able to recover as fast as possible, you need a perfect knowledge of the Information System (it also sounds like an old song, doesn’t it?), and segment your IT fleet properly depending on the criticality of your assets. Segmentation will help limiting the impact of an attack as attackers then won’t be able to move laterally; and mapping the Information System will help identify more easily where the incident started and spread, and isolate parts of it if necessary.
Detection and response
As mentioned above, investing in resources and up to date technologies is part of the prerequisites for optimum protection of your IT assets against ever evolving threats.
You’ll then be able to quickly detect and respond to cybersecurity incidents. This involves monitoring and analyzing tools, and also incident response teams (in-house or outsourced) to investigate and mitigate threats promptly.
Note that detection and response tools are essential, and they are even more efficient when deployed as part of a holistic approach to cybersecurity. It means it’s in your interest to rely on open, API-enabled solutions that allows you to collect, access and correlate data about security events ; and also to rely on solutions that enables you to detect both known and unknown threats – which is made possible with the help of AI – and to block them automatically.
Keep in mind that knowledge of the threats the organization has to face is also crucial to knowing what risks it needs to guard against, and to being able to react with the appropriate resources when necessary. In this respect, the TDIR approach offers an interesting framework.
What is TDIR approach?
Why should organizations take an interest in it to foster cyber resilience?