August 23, 2022
Businesses faced more cyberattacks than ever before in 2021. In fact, data from Check Point Research revealed that corporate networks saw 50% more attacks per week in comparison to the previous year.
This trend reached an all-time high at the end of 2021, peaking to 925 cyberattacks a week per organization, globally and with the education and research sector experiencing the highest volume of attacks, followed by the government/military sector.
As businesses face more cyberattacks than ever before, more leaders are finding the need to enact proactive protections through cyber resiliency plans. Cyber resilience is the ability of an organization to enable business acceleration by preparing for, responding to, and recovering from cyber threats.
A cyber resilient strategy is vital for business continuity. It can provide benefits beyond increasing an organization’s security posture and reducing the risk of exposure to its critical infrastructure. It can also help to reduce financial loss and reputational damage.
Due to the enhanced sophistication of today’s attacks, the sooner businesses can enact a cyber resilience plan, the sooner they will be protected from harm.
Here are four key steps necessary for creating a proper cyber resiliency program:
No. 1 — Develop a Proper Cyber Resiliency Plan
A proper cyber resiliency plan must be based on a business’ environment, the data sets used, legal and regulatory requirements, appetite for risk avoidance, repetitive historical assessments of cyber control operating effectiveness, and the ability to look forward to the ever-changing cyber risks that must be integrated into the plan.
No. 2 — Conduct Regular Maintenance Testing
Once the plan has been developed and finalized, it is important to create real-life scenarios to test and assess your cyber resiliency program and plan. Businesses should plan to implement these tests as often as needed—but never less than annually—to help determine the effectiveness of the program. Use cross functional teams in the business and document findings from the tests to learn if a program is strong enough to withstand an attack.
Use the documented outcomes of the tests to adjust the plan and program. Budgeting for the tools and needs outside of the normal IT budget is critical to tracking your program effectiveness to its spend and return on your protection.
Verify that your expectations are actually being met; that means testing controls, testing your vendors, ranking your data sensitivity, documenting regulatory and legal needs and more.
No. 3 — Implement Hack-Free Safety Controls
Adding controls like multi-factor authentication, advanced malware protections, intelligent protection tools, vulnerability scans, and internal and external penetration and hacking tests, are all key controls vital to including in your cyber resiliency program. Other protections such as business email phishing and text messaging user access can help boost safety.
No. 4 — Evaluate and Readjust Plans as Necessary
After testing, it is vital to evaluate and reassess. Cyber risks and attacks are ever-changing, making it imperative to be nimble and agile. Never forget that this is a marathon, not a sprint. An effective plan must adjust as often as needed to advance protections against today’s ever-evolving cyber ecosystem.
In addition, finding experts, both internally and externally, is critical to the cyber resiliency planning process. Experts, such as a chief information security officer (CISO) are necessary to provide demonstrable and certifiable experience to guide businesses to an effective and operational plan.
If businesses cannot find or afford a CISO, contract with a virtual CISO (vCISO). A vCISO with real experience will be your best guide and provide the ins-and-outs of the requirements necessary to protect the business, and will have their hands in various scenarios, clients and verticals, which adds to their ongoing expertise and knowledge base.
In conclusion, the best way to start building cyber resiliency is to start now. Cybercrime as a service is booming, ransomware attacks are increasing, users are getting more savvy on how to circumvent controls, exception lists are growing, and the data sets are getting more complex with the ever-expanding ecosystems organizations are involved in.
Use the steps above to get started on building a strong cyber resilient protection plan, today.
Carl Cadregari is an Executive Vice President in the FoxPointe Solutions Information Risk Management Division of The Bonadio Group. Carl has more than 28 years of experience providing actionable technology, cybersecurity and data governance architecture, controls auditing and general cybersecurity planning.