Just as you might wash your hands, get a flu shot, or stay away from the person you noticed coughing on their way into the office to prevent getting sick, cybersecurity has the ultimate goal of preventing security breaches. Unfortunately, no matter how many precautions you take, you still might get sick, just like your organization still might suffer a breach.
Cybersecurity earns its keep by defending against costly attacks, but considering that the average Canadian organization suffers 450 attacks each year and over nine breaches, it’s reasonable to believe that a breach is somewhat inevitable. Technology is constantly changing and threats are as well, leaving even the most sophisticated and effective cybersecurity systems vulnerable, occasionally.
What happens when an attack gets through?
Hopefully, this is when your cyber resilience program kicks into gear. If not, this is usually the time when everyone drops what they are doing in order to frantically stop the bleeding. The problem with this is that the bleeding is likely coming from multiple places and without a plan, no one knows what to prioritize and how those decisions will affect the organization in the long run. Of the organizations we surveyed in our 2018 Security Study, the average cost of a breach is $3.7 million and with $3.5 million of that in lost revenue and profitability, the decisions you make as you respond to a breach will greatly affect that bottom line.
A good cyber resilience program will have done the homework in advance and will have made those decisions already so that when a breach occurs, everyone involved can spring into action and follow through on the plan. Each person knows their role and will move purposefully towards the most critical injury, addressing the areas that are most important.
Focus on critical systems
What is the single most important function of your organization? The system that enables that function should be the top priority during a breach so that you can continue to operate even during an attack. Anything else can, and will, have to wait because every minute that passes with your critical system down is a financial loss. The number one goal is to keep basic systems functioning and limit disruptions to your organization’s main function.
If your organization could use some help identifying which systems are critical, we suggest conducting a Threat Risk Assessment. Contact us for more information.
Cover a lot of ground
Planning for a cyberattack needs to be both detailed and flexible. Detailed in the sense that communication is clear and everyone involved knows what needs to happen, but flexible enough to be able to respond to a wide variety of attacks.
Automate when possible
A lot of your cybersecurity is likely automated, but your cyber resilience can also employ automation technology to speed up response times and secure data quickly. Automation is responsible for a lot of the progress we are seeing in cybersecurity, so making use of this technology as well as emerging technology can make a huge difference in protecting your organization from new threats.
And then test it
Now that a plan is in place, test it. Practice what would happen during a cyberattack and play out how the cyber resilience plan would be put to use. See where there are holes, where there might be miscommunication, and where sensitive information is vulnerable. Do these tests regularly and continue to tweak the plan as you learn more about the threats you are experiencing.
Cybersecurity and cyber resilience are like Batman and Robin; they fight better together, but Batman runs the show. No matter how tight your cybersecurity is, you’re never going to be able to defend against everything, mainly because some of what you’re defending against is unknown. When you have a breach, it’s your cyber resilience program’s turn. Ultimately, the goal is to limit disruption of service as well as keep profit loss to a minimum. The better your cyber resilience program is, the easier it will be to come back from a cyberattack.