What exactly Is cyber resilience? A technical definition of it is as follows:

Cyber resilience is the ability to prepare for, respond to and recover from cyber-attacks. It helps an organization protect against cyber risks, defend against, and limit the severity of attacks, and ensure its continued survival despite an attack. Cyber resilience has emerged over the past few years because traditional cyber security measures are no longer enough to protect organizations from the spate of persistent attacks.”
(Source: itgovernance.co.uk/cyber-resilience)

An Example of Cyber Resilience

Let us illustrate this definition with an example.  Suppose that Company XYZ has invested in all of the latest security technologies imaginable, yet despite all of these safeguards, they are hit with a large scale cyberattack, such as that of ransomware. 

Not many companies can withstand such an attack, and in most cases, they would most likely decide to go ahead and pay the money that is demanded of them so that they can resume mission critical operations as soon as possible.

But Company ZYX decided not to go this route.  They refused to pay the hacking group in question, because they realized that if they did pay up, there is no guarantee that they won’t be impacted again by the same cyber attacker, asking for more money the second time around.  In this regard, Company XYZ played their cards right, because they maintained a very proactive mindset.

Company XYZ’s proactive approach included creating daily backups and making use of a Cloud-based Infrastructure in which to host their entire IT and network infrastructure.  These safeguards allowed them to basically “kill” any of the virtual machines and virtual desktops that were impacted by the ransomware. Furthermore, they were able to build new virtual machines and desktops and transfer all information and data to them from the backups—all within a matter of hours.

So, within just a day or so, Company XYZ was back on their feet and running again, as if the cyberattack had never occurred.  As it is legally required, the CISO of this company notified all the necessary law enforcement officials and key stakeholders (especially their customers) of what had happened, and immediately launched a forensic investigation to determine exactly what occurred.  The next mandate was to update all of the company’s relevant security policies in order to reflect the lessons learned from this incident.

How Company XYZ Met the Definition of Cyber Resilience

As our illustration points out, Company XYZ met all of the components of cyber Resilience, because they were able to:

  • Greatly limit the impacts of the ransomware attack.
  • Ensure the company’s survival within a day or two.
  • Emerge from the attack prepared to mitigate the risk of the same threat vector (or, for that matter, any of its variants) from happening again.

Cyber Resilience does not simply refer to how a business can operate at baseline levels after being impacted.  Rather, it refers to how a business can resume operations at a 100% normal speed in the shortest time possible and reduce the odds of becoming a victim in the future.

What’s the Difference Between Cyber Resilience and Cyber Security?

There is often a great deal of confusion between the two terms. Here are the key differences:

Cyber security refers to the tools that are used to protect both digital and physical assets.  In the case of Company XYZ, this would include the routers, firewalls, network intrusion devices, proximity readers, key FOBS, etc. to protect the Intellectual Property (IP), the databases which contain the Personal Identifiable Information (PII) of both employees and customers, shared resources that are stored on the corporate servers, access to the secure rooms which contain actual client files, etc.

Cyber Resilience refers to how well Company XYZ can get into the mindset of a cyberattacker in order to anticipate the new tools, as well as their elements of surprise, in order to prevent them from penetrating the company’s lines of defense and cause long term damage.

In other words, cyber security deals with the prevention of theft of information and data at just one point in time.  Cyber resilience is designed to protect the business from being permanently knocked off the grid over multiple periods of time.  The former takes a purely technological approach, while the latter takes a much more psychological approach which encompasses all facets of human behavior and culture at Company XYZ.

Cyber Resilience Controls and Their Objectives

The matrix below, from NIST’s “Cyber Resilience Considerations for the Engineering of Trustworthy Secure Systems,” details the specific controls that a business must implement in order to attain an acceptable level of cyber resilience. 

                           The Control                                          It’s Primary Objective

Adaptive Response Have the ability and means to respond to a security breach in a quick and efficient manner
Analytic Monitoring Be able to detect any anomalous or abnormal behavioral patterns quickly
Coordinated Projection The need to implement multiple layers of authentication
Deception Purposely confuse the Cyberattacker with regards to the main points of entry
Diversity Use different kinds of techniques to further minimize the level of risk
Dynamic Positioning Increase rapid recovery by further diversifying the main nodes of network communications distribution
Dynamic Representation The importance of understanding the interlinkages between Cyber and non-Cyber resources
Non-Persistence Keep resources only on an as needed basis
Privilege Restriction Assign only the appropriate permissions, rights, and access to employees to conduct their daily job functions
Realignment Keep changing the inter links so that a breakdown in non-critical assets will not have a cascading effect to the critical assets
Redundancy Implement multiple instances of critical assets
Segmentation Separate the network infrastructure into different subnets
Substantiated Integrity Determine if critical assets have been further corrupted
Unpredictability Keep mixing up your lines of defense so that the Cyberattacker cannot plan their course of action

 

Conclusions

This article has examined what cyber resilience is all about, and some of the key differences between it and cyber security.  With today’s trend of having a remote workforce becoming the norm, it is especially important for companies to develop and maintain a proactive mindset.  This can only be achieved by adopting the principles of cyber resilience.

Sources