Cyber Resilience - A Holistic Approach
Cyber resilience is a term that often comes with varied definitions. If you ask five different people, you might get four and a half different answers. Some argue that it focuses on cybersecurity hygiene, others claim it is merely about adhering to National Institute of Standards and Technology (NIST) controls, while some believe that companies should shift their focus away from prevention and detection to invest more in recovery strategies. These perspectives, however, are incomplete. A holistic approach to a cyber resilience program is essential, emphasizing both recovery and cybersecurity posture to minimize the impact and reduce the recovery scope after a cyber event. The program must be outcome-based rather than a technology quick fix.
Here are some brief but key elements that companies should focus on:
Build a cyber resilience program that spans the organization
Cyber resilience is not just a technology issue; it is a team effort requiring executive sponsorship and buy-in across the business. Given the varying priorities of different departments, a central organizational goal and set of priorities is crucial.
At the program level, it is essential to conduct both qualitative and quantitative risk analyses, including third-party assessments, business impact analyses, and the establishment of governance policies and cybersecurity requirements within third-party contracts. A business impact analysis should be performed regularly, either yearly or quarterly, depending on how dynamic your environment is.
Your cyber resilience program should serve as the framework that provides outcomes and direction for the technology.
Maintain cybersecurity posture and hygiene with tools
A robust cybersecurity posture should include technologies to identify, prevent and mitigate attacks, as well as reduce the blast radius of impacted systems. Essential technologies include:
- Endpoint Detection and Response (EDR) / Extended Detection and Response (XDR)
- Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR)
- Network segmentation (micro-segmentation if possible)
- Data Loss Prevention (DLP)
- Identity and Access Management (IAM) platforms and processes
- Vulnerability and Patch Management
- Data Classification
- Data Protection
Many OEMs in these spaces integrate with one another to provide more intelligent actions based on a holistic threat picture.
Additionally, you should perform application dependency mapping, preferably with a dedicated mapping platform, so your team always has an up-to-date picture of your applications and an understanding of their interdependencies. This knowledge is crucial for knowing which ancillary services need to be recovered alongside your critical tier 0 applications.
Ensure recovery with people, process and technology
No single OEM will provide you with cyber resilience. As we have discussed, you need all parts of the cyber resilience program to make it holistic. At the technology level, immutable and indelible storage snapshots from your storage arrays and data protection platform are necessary to ensure recovery. At the people and process levels, well-documented Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) for each tier of applications and services are essential. Organizations must regularly test recovery against their RTO to ensure staff understand the process and that the RTO is achievable.
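The dependency-mapping and tiered-RTO points above can be checked mechanically: a tier 0 application's RTO is only achievable if the whole chain of ancillary services it depends on can be recovered first. The following is an added example, not code from the article; the application names, tiers and hour values are a constructed sample.

```python
from collections import deque

# Constructed sample dependency map (illustrative only, not taken from the article); hours are documented recovery effort per service and the RTO agreed for its tier.
APPS = {
    "payments":  {"tier": 0, "rto_hours": 4,  "recovery_hours": 2, "depends_on": ["core-db", "iam", "pki"]},
    "core-db":   {"tier": 1, "rto_hours": 8,  "recovery_hours": 3, "depends_on": ["storage"]},
    "iam":       {"tier": 1, "rto_hours": 8,  "recovery_hours": 2, "depends_on": ["pki", "dns"]},
    "pki":       {"tier": 2, "rto_hours": 24, "recovery_hours": 1, "depends_on": ["dns"]},
    "dns":       {"tier": 2, "rto_hours": 24, "recovery_hours": 1, "depends_on": []},
    "storage":   {"tier": 2, "rto_hours": 24, "recovery_hours": 1, "depends_on": []},
    "reporting": {"tier": 3, "rto_hours": 72, "recovery_hours": 5, "depends_on": ["core-db"]},
}

def recovery_scope(apps, root):
    """Every service that must come back for `root` to work: root plus its transitive dependencies."""
    scope, queue = {root}, deque([root])
    while queue:
        for dep in apps[queue.popleft()]["depends_on"]:
            if dep not in scope:
                scope.add(dep)
                queue.append(dep)
    return scope

def critical_path_hours(apps, app, memo=None):
    """Earliest completion for `app`: independent dependencies recover in parallel, `app` starts after all of them."""
    memo = {} if memo is None else memo
    if app not in memo:
        deps = apps[app]["depends_on"]
        longest_dep = max((critical_path_hours(apps, d, memo) for d in deps), default=0)
        memo[app] = apps[app]["recovery_hours"] + longest_dep
    return memo[app]

def inherited_rto_gaps(apps, root):
    """Dependencies documented with a looser RTO than `root`; their own RTO cannot support root's RTO."""
    limit = apps[root]["rto_hours"]
    return sorted(d for d in recovery_scope(apps, root) - {root} if apps[d]["rto_hours"] > limit)

def tier0_rto_check(apps):
    """For each tier 0 app: hours needed along the dependency chain, its RTO, whether that RTO is achievable."""
    report = {}
    for app, meta in apps.items():
        if meta["tier"] == 0:
            needed = critical_path_hours(apps, app)
            report[app] = {"needs_hours": needed, "rto_hours": meta["rto_hours"],
                           "achievable": needed <= meta["rto_hours"], "rto_gaps": inherited_rto_gaps(apps, app)}
    return report

if __name__ == "__main__":
    print(tier0_rto_check(APPS))
```

In the sample, "payments" needs 6 hours because IAM cannot start until PKI and DNS are back, so its 4-hour RTO is not achievable; every service in its scope also carries a looser documented RTO than the tier 0 application that depends on it.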
Another recovery method is a cyber vault. While the term "vault" can be contentious, what is meant here is not a product-based vault. Many OEMs offer data vaults, but these do not account for infrastructure disruption during a cyber attack. Whether you call it a vault, an Isolated Recovery Environment, or something else, think of it as a reference architecture. It is not dependent on any one OEM; almost any OEM and technology can be integrated into this reference architecture. This environment is segregated from production, and it is where you can confidently recover your most critical business services, even mid-attack or from a degraded posture following a catastrophic attack that has compromised your infrastructure (network, servers, storage, Public Key Infrastructure (PKI), IAM). This segregated environment provides a break-glass area for operational resilience.
In conclusion, a holistic and comprehensive cyber resilience program requires an equal focus on each of these elements. Only by interweaving these components can an organization achieve true cyber resilience.