Over the years of living a digital life, our perception of security has changed completely. Just a few years ago we perceived cybersecurity as a “technical problem”; now we prioritize and acknowledge it as one of the key problems and threats to the organization’s very existence. In today’s digital world everything is interconnected, and so are cybersecurity and resilience. Security tries to prevent a problem before it happens, or to manage one that has already happened; resilience comes from a different perspective. It answers the question of how to recover once the problem has happened: you have it under control, or you have resolved it, and the question now is how to continue your operations.
Why resilience matters
Resilience stands for a design that enables quick recovery. One of the greatest preventive tools for stopping attackers is to lay out a system within our organization that is complex enough to force attackers to spend a lot of time trying to penetrate it. Time is money: more time spent on the attack means a larger cost for the penetration and the attack itself. Building a resilient system means a greater chance that attackers give up at some point or hit a wall, and that is very much reflected in the security posture of the system. Then resilience kicks in: resilient environments also have backups, redundant systems, disaster recovery points and a place to recover to.
Resilience doesn’t equal robustness
Now it is important to understand that, while resilience is the ability to recover from failures and continue to function, it does not include avoiding failures. One of the important principles of resilient systems is the acceptance of unavoidable failure: you must deal with it, but the organization can respond to failures in a way that avoids downtime or loss. That feature distinguishes it from robustness, the capability to resist a failure, as well as from antifragility, the capacity to grow from failure.
When an organization is more open towards different solutions, bringing different aspects of resilience into its systems, it gives itself more options to recover. The cloud has become an essential part of resilience, given that it has resilience embedded in its system design and is the cornerstone of many efforts to build more resilience into the organization. For example, the distributed nature of the cloud enables the organization to distribute its data resources easily so that it can properly protect the data. Using only datacenters that keep all copies of the data at a single location makes the question of where the data is very easy to answer, and thus makes the data very vulnerable to different threats.
Identifying four dimensions of the threat timeline
Organizations, and also the different levels of government, have four different views that they need to consider when building their resilience capabilities.
Geostrategic Resilience adds thinking about strategic control over the resources you are protecting. Resources targeted under this threat usually have strategic importance to the attacker, and control over them is usually not exercised immediately but held back until the moment it has strategic value to the attacker. To achieve this resilience, organizations should form partnerships and coalitions with technology providers that can offer capabilities to protect the organization’s valuable resources, including innovative solutions that move, protect and store the resources at locations that are not so reachable by the attacker.

Operational Resilience is a set of measures that prevent the attacker from gaining operational control over the target resources, as well as from learning about the targeted critical infrastructure and how the targeted objects respond. The best protection includes digital twin management systems that let you maintain control over the environment: when you assume the primary resources have a problem, you can easily switch to the “alternative” systems, which are fully operationally identical to the primary ones.

Cyber Resilience matters at the point when the attacker starts to activate command-and-control capabilities over the resources; it is usually visible because your defending systems start to receive early indicators of massive cyber activity. An important part of the protection methods includes Security Operations Centers and the deployment of integrated threat intelligence tools.

A very important part is Crisis Resilience, where we respond to the manifestation of damaging activities on the targeted resources. The attack can manifest itself through physical destruction (like a flood or an earthquake) or through cyber activities. Crisis management includes emergency management and response systems.
When it comes to building resilient systems, different models apply. For example, Estonia has embraced the “Data Embassy” concept of data protection by moving data to third-party locations. Adding these embassy locations is not only good for the data; in the future it should work for processes, services and applications as well. Estonia uses a hybrid cloud, a mixed computing, storage and services environment made up of on-premises infrastructure, private cloud services and a public cloud, keeping data both within and outside the country. This makes you ready for a crisis in advance, instead of relying on emergency services every time a crisis happens.
When using the cloud, the relationship between the client and the provider must start with trust. The cloud is not a single location, so verification of all information in the areas of confidentiality, integrity, availability and so forth is vital, and the cloud must provide a continuum of security and resilience.
All this does not mean that an organization should neglect cybersecurity investments, which protect against the attack before it happens. To achieve the best level of cybersecurity, Microsoft recommends the Zero Trust security approach. But after an attack, some components of the system will need recovery, and that recovery can be done on different infrastructure; if needed, everything can be rebuilt from scratch.
To conclude, building the cybersecurity and cyber resilience that enable an organization to detect and prevent threats requires embracing a new way of thinking. It is not just about how we protect but also about how we recover, and that comprehensive approach calls for the help of organizations that have additional capabilities, the right tools and expertise.
The original article was published here: https://www.delfi.lt/uzsakomasis-turinys/premium/kaip-imoneje-sukurti-atsparuma-kibernetinems-gresmems.d?id=90347237