Breach Please, We're Cyber Resilient
For many, it is thought that an organization should not experience a breach or compromise of systems. This idea can be correlated to saying there should be no crime in this world because we have security cameras, alarm systems, guards, and police officers. These unrealistic notions are to be debunked, not with a sense of defeat, but an opportunity to effectively bounce back when an incident do occur.
What does it mean to be Cyber resilient? Cyber resilience is acceptance of cyber compromise as a likely event, and the system suffering as a result. The focus is on a system’s ability to recover and adapt after an adverse event, not just resist one. It is to continue core business functions in the face of disaster or an attack. Using this strategy requires preparation for known and unknown threats. While it might seem it makes sense to simply have more security controls , sometimes more controls can introduce more risk. In fact, each additional mechanism carries with it the risk of expanding the surface of a successful attack. It also introduces the risk of interfering with the work of other mechanisms already built into a system, reducing their effectiveness. (Linkov 2021)
Vitality in restoring a systems functionality after a compromise is essential, especially when it comes to critical infrastructure. This ranges from energy and communication networks and healthcare facilities. For example, a major health services organization, subjected to a ransomware attack, was reduced to manual methods of data handling, over a significant period of time (Landi, 2020). Imagine, this causes damage to an organization and endangerment to human lives.
It is not easy to predict at design time if a system will be stable when facing unknown malicious actions that will be introduced at runtime. However, it is possible to provide reference points to evaluate whether the system is better prepared or not, to face the adversaries (Segovia et al., 2020).
Cyber resilience should be added to the security controls and procedures that are set in place. The conversation and research of adding resilience to a strategic cyber management is still budding.
My thoughts in closing are: How can the cyber community infuse resilience strategy with other best business strategies within organizations. It is one that requires testing, measures and application.
Resources
Linkov, I. (2021). To Improve Cyber Resilience, Measure It. DOAJ. https://arxiv.org/ftp/arxiv/papers/2102/2102.09455.pdf
Segovia, M., Rubio-Hernan, J., Cavalli, A., & Garcia-Alfaro, J. (2020). Cyber-Resilience Evaluation of Cyber-Physical Systems. https://arxiv.org/pdf/2009.06927.pdf
Stavrou, E. (2020). Back to Basics: Towards Building Societal Resilience Against a Cyber Pandemic (No. 1690–4524). https://doaj.org/article/059f6255ee4a4cf2918e8944d1dcfeaf