Don’t Get Caught Off Guard: A Roadmap to Cyber Resilience

Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Apu Pavithran of Hexnode draws up the road map to cyber resilience, pinning the detours, roadblocks, and all.

Cyberspace has always been a tug-of-war between data defenders and data burglars, and cyber threats have been looming for decades without a silver bullet solution. Experts predict that by 2025, cyber-crimes will cost $10.5 trillion to businesses, and the fact that 85 percent of the organizations were attacked by ransomware in the last twelve months proves that our traditional approach to cybersecurity that solely focuses on securing corporate perimeters is not working.

CISA (Cybersecurity and Infrastructure Security Agency) is the latest federal entity to voice its concerns about conventional cybersecurity practices in its latest strategy released for 2023-2025. One of the focus areas in the agency’s three-year plan is to encourage companies to reduce risk by strengthening their resilience. This comes on the heels of the recent surge in cyber-attacks that encourages businesses to have a proactive endpoint security approach as opposed to the existing legacy techniques. So, as we enter a new year, it is essential to have a cyber-resilient plan for your business without breaking the bank.

Pinpoints on the Cyber Resilience Roadmap

Dusting Off the Cyber Resilience Playbook

The term cybersecurity and cyber resilience have been used interchangeably by many. While both share the same objective, implementation is where they differ. While cybersecurity emphasizes on deploying strategies that prevent cyber-attacks from penetrating the systems, cyber resilience is a holistic approach that encompasses resisting, navigating, and surviving the entire lifecycle of an attack. In short, cyber resilience is a broader scope of cybersecurity. According to the World Economic Forum’s 2022 Global Cybersecurity Outlook, the average cost of a corporate breach is $3.6 million per incident, and it takes roughly 280 days to identify and address a penetration. This survey in itself calls for the need for a game plan.

Building defenses along the perimeters, and following a siloed approach are methods of the past years. Considering the massive attack landscape that currently exists, business leaders must steer towards a holistic cybersecurity strategy that involves identifying and securing all vulnerable endpoints. However, the approach isn’t a one-size-fits-all solution. Including a strategy with the following checklist before investing in tons of software could help organizations put themselves ahead on the road to cyber resilience.

1. Prioritize your crown jewels: Data protection has slowly been turning into a losing game. Businesses fail to identify their true assets and vital strongholds, offering adversaries a better chance to vanquish them. To avoid stepping into the losing game, it is recommended that corporates maintain an asset inventory and streamline resources to protect their critical assets. While encryption of sensitive data is a tried-and-true method, access management, and data loss prevention technologies could help businesses boost their data protection endeavour.
2. Securing every player in the game: Cyberinfrastructure is entwined with devices, applications, networks, and identities, and being ‘resilient-rich’ means securing every node of the network. Cloud-based solutions have made this easier by enabling other solutions to integrate and bring the best together. As the attack surfaces expand, it becomes challenging to determine the defense perimeter and implement robust security hygiene. This calls for a unified endpoint management (UEM) strategy to monitor, manage and secure devices, applications, and networks from a single platform. Endpoint management has pushed the benchmark of security, integrating with advanced threat detection and incident response solutions. Additionally, Secure Access Service Edge (SASE) is another technique that has established itself as a de-facto standard for cyber-proofing enterprise networks. While the SASE approach might call for architecture restructuring, the combination of network connectivity and network security solutions will ensure that your business is ready to handle unhealthy traffic.
3. Reviewing the organization’s zero trust posture: With the evolution of IoT (Internet of Things) and the edge, devices, and data are scattered past corporate perimeters, making conventional solutions obsolete. Firewalls and Virtual Private Networks (VPN), the predecessors of Zero Trust Network Access (ZTNA), relied on the concept of building perimeters around the organization and trusting everything in it by default. This doesn’t sound like a bad idea if your users and data are centralized. However, today’s decentralized and distributed work culture demands otherwise. The flourishing network bandwidth calls for a zero-trust approach where safety is ensured by inspecting traffic, monitoring network patterns, and authenticating identity based on users. The process of implementing ZTNA starts with identifying the organization’s key assets. Once the attack surface is micro-segmented, dedicated policies, permissions, and protection are allocated for each perimeter. Every device, user, and application goes through security checks and authentication procedures at regular intervals to prove that they are authorized to access the required resource. It has become a security attitude to never trust and always verify.
4. Measure your cyber readiness: Cybersecurity readiness is defined as ‘the state of being able to detect vulnerabilities and effectively respond to both insider threats and external attacks by reinforcing the organization’s cyber architecture and conducting constant attack surface checks.’ Simply put, being cyber-ready is all about knowing where you stand in terms of security. Currently, about 50 percent of organizations have placed a high degree of trust in the cloud, and this involves saving their data, identities, and systems in cloud storage environments. To achieve cyber readiness, organizations must have visibility into their vulnerabilities, know what’s moving in, out, and through the networks and assess their cyber maturity. By prioritizing cybersecurity readiness, organizations can better protect their critical assets, maintain trust with their stakeholders, and avoid costly data breaches and reputational damage.

Automating the Laborious Workflow

At its core, automation serves a single purpose: to let machines perform repetitive, time-consuming, and tedious tasks so that human intelligence can focus on crucial tasks that involve decision-making, problem-solving, strategizing, and so on. Although automation augments human intelligence to execute security operations and supplement the talent gap, this very mechanism of automation has also been leveraged by threat actors. For example, the Mydoom worm that used automation to propagate pieces of malware was capable of causing damage worth $38 billion. By invading several Windows devices via email attachments, the worm infected the victim’s OS, opened a backdoor to invite more malware, and infected every other email attachment sent from the device. Lately, automation systems integrated with Artificial Intelligence (AI) and Machine Learning (ML), are used to comprehend, detect and block threats proactively. Unified endpoint management (UEM) and Endpoint Detection and Response (EDR) solutions have been inculcating the perks of AI to amplify their management and threat detection functionalities. Additionally, AI-driven network management tools have caught the attention of security decision-makers. With the overwhelming velocity, variety, and volume of data being generated and exchanged, AI has enabled businesses to gain complete visibility into network infrastructure issues.

Soar High with SOAR Technologies

An assessment by IBM points out that the average lifecycle of a breach is 287 days, with organizations taking 212 days to detect a breach and 75 days to contain it. Containing a threat isn’t simple. Depending on the attack, multiple user accounts must be deactivated, and devices should be wiped, in addition to isolating the physical hosts. SOAR (Security Orchestration, Automation, and Response) technologies help tackle threats by planning and automating containment strategies. SOAR isn’t a panacea, nor a standalone solution. Instead, it is a security strategy that gathers intel from several threat defense technologies. It stacks together various interoperable software programs that will help collect data about threats and respond to them accordingly without human assistance. However, one must take note that these solutions do not promise a threat-free environment. Identifying valuable resources, automating laborious tasks, and adopting the appropriate solution will get you moving in the right direction.

Final Note

As the adage goes, it is never advisable to bring a knife to a gunfight, without the right set of skills, cybersecurity technologies are just crutches that could be a temporary fix. A significant factor in the flourishing cluster of cyberattacks is the imbalance of the talent pool in the industry. Compared to the demand for professionals to tackle cyber risks across all industry sectors, there are relatively few skilled cybersecurity practitioners worldwide. While catering to growing customer expectations and handling the increased complexities of IT, businesses must be sure to allocate sufficient resources to address the growing cybersecurity skill gap as a means to eliminate technological blind spots.

Having the right tools and skills are both crucial for effective cybersecurity. As the threat landscape constantly evolves, it’s essential to adopt the latest generation tools that can seamlessly integrate with one another. Gartner’s ideology of cybersecurity mesh, where security solutions interoperate through supportive layers, addresses the same. Although advanced technology solutions could replace the existing ones, the first and foremost step remains the same—to identify and protect the endpoints. Therefore, an integrated security strategy that addresses endpoint management and advanced technological systems like SASE would be the way forward. As the ecosystem of cyber-crime grows, it’s imperative for organizations to prioritize their cybersecurity efforts and bring it to the rooms.