In recent years the world has considerably evolved, with organizations increasingly adopting digital initiatives, like Cloud, IoT, Big Data, Artificial Intelligence and Machine Learning. And the Covid-19 pandemic has forced organizations to accelerate the adoption of those initiatives. This process, called digital transformation, has impacted from startups to global consolidated enterprises in all corners of the globe. 

It is important to mention that this process can be considered more than a trend, it is a business imperative for companies to remain agile, productive, and competitive as the world becomes more digital. A study from SMB Group has indicated that Small and Medium Businesses (SMEs) that invest in digital transformation initiatives are almost 2 times more likely to increase their revenue. However, the risk involved for companies adopting a digital culture is considerably higher than those that still use manual processes and tools. This is mainly because of the increasing number of cyberattacks.

Cybersecurity has been in the spotlight for several years. According to a study from Ponemon, 82% of IT security and C-level executives have experienced at least one data breach when implementing new technologies, including those associated with the digital transformation process. This indicates the need for organizations to properly prepare, respond and recover from cyber attacks, which is called cyber resilience. This ensures that organizations are able to reduce the impact of an incident and ensure that they can continue to operate. And with cybersecurity risks increasingly associated with business risks, cyber resilience is an effective way to achieve enterprise resilience. 

In this aspect, cybersecurity vendors have evolved their solutions rapidly to keep up with malicious attackers. However, despite all technological advances, the number of cyberattacks continues to increase and organizations are still victims of cyber attacks. This is mainly because those malicious actors are constantly improving their attack techniques, with more sophisticated methods to engage in their malicious activities. But what are the most used techniques to compromise the cyber security of an organization?

One of the most common techniques is phishing. A phishing attack involves sending fake messages – usually via email – to make it seen as coming from a reliable source. The purpose in this case is to compromise sensitive information, like personal and financial data. Through this kind of attack, malicious attackers can steal privileged credentials and obtain unauthorized access to critical systems like an ERP or encrypt data through the execution of ransomware. 

Even though this is not a new technique, in the last few years, and with the spread of Ransomware-as-a-Service, this technique has become one of the favorite methods used by malicious attackers. This is especially because of the high return and low effort needed to compromise a company. A study from KnowBe4 indicates that the damages associated with ransomware have reached USD 11.5 billion in 2021, an increase of 73.9% compared to 2019. And the forecast is not good: it is expected that the costs associated with ransomware will reach USD 256 billion by 2031. 

It is important to mention that both phishing and ransomware explore the human aspect, also called social engineering. And according to the 2022 Verizon Data Breach Investigations Report (DBIR), 82% of researched breaches involve the exploitation of human behavior. In this kind of attack, cybercriminals use trickery and impersonation to make people perform actions that benefit them, like opening an attachment or clicking on a malicious link.

But how can organizations and cybersecurity leaders build an effective strategy to achieve cyber resilience?

Well, the first step to create cyber resilience is to improve security to prevent attackers from obtaining access to the infrastructure. This involves working on three aspects: 

1. People, which involves investing in cyber awareness, education, and training.
2. Processes, including policies and procedures.
3. Tools, like Network Monitoring, Privileged Access Management and MFA

During this step, cybersecurity leaders must ensure that cybersecurity objectives are aligned with business objectives. This involves developing a cybersecurity program, structuring a cybersecurity governance process and implementing a continuous improvement process. 

The next step to improve cyber resilience is to be able to properly detect malicious activities so the cybersecurity teams can respond to cyber threats and minimize damages. This includes implementing systems to monitor suspicious activity and train the team to properly identify signs of cyber attacks.

After detecting those malicious activities, the cybersecurity team must be able to properly respond to the attack to minimize the damage and recover from those incidents. In this aspect, organizations must develop and test strategies, including who to contact and what steps to take to respond to the threat. This can be done with an Incident Response Plan (IRP).  

The fourth and last step is recovery. This means that, once the threat has been successfully addressed, the organization must be able to recover their infrastructure and data. The recovery process includes implementing backup strategies and a plan to restore them from the incident.  

With more cybersecurity risks associated with business risks, building cyber resilience is a business imperative for companies to remain competitive and increase revenue. By creating this culture, organizations are able to reduce financial losses, be compliant to legal and regulatory requirements, improve the security posture in the organization and increase trust from customers, partners and employees.

You had presented a webinar about the surprising secrets of cyber resilience with Steve Hunt, an inductee into the ISSA Hall of Fame. Watch now!