What are the key foundational technologies and practices for a solid cyber resiliency framework?

Prioritizing your cyber resilience framework to meet the increasing threat of cyber disruption

A cyber resiliency framework is a necessity for businesses and organizations that want to stay ahead of hackers and adversaries. While traditional cybersecurity solutions offer some degree of protection, they simply can’t provide the 360 degrees of visibility and intelligence required to combat savvy criminals.

Today’s networks are complex and sprawling, and most of them have a cloud component. Recent research from IDC indicates that cybercriminals are more than happy to take advantage of cloud vulnerabilities, with the typical organization experiencing an average of two cloud breaches over the past two years. Those breaches required “significant extra resources to rectify,” according to the research.

There are a number of foundational technologies and common-sense practices required to create a solid cyber resiliency framework that will protect against those breaches. They take into account the complexities of today’s sprawling networks and including variables like the cloud and other components of digital transformation. A comprehensive cyber resiliency framework should encompass strong and varied security mechanisms, but also must include ways for organizations to recover quickly if a breach occurs.

The five key cyber resilience technologies

IDC has identified five main technologies that should form the foundation of a cyber resiliency framework. Implementation of these tools will help businesses create a resilient security environment while also addressing and minimizing potential disruption from an attack.

A majority of today’s cyberattacks are automated. One of the best ways to combat them is through automated, orchestrated solutions. These tools provide IT staff with intelligent analysis and data to augment their expertise and attack responses.

1. Automation and orchestration for recovery of platforms and application data

Automation is also useful for the successful recovery of applications, including a multi-stage process of recovering interconnected systems and data. Automated codification of recovery processes using validated and tested software templates can mitigate risk and error.

2. Air-gapping sensitive data and systems

The process of air-gapping includes physically or virtually separating systems, networks, and data from other systems or networks. A business may choose to air-gap networks containing sensitive data from day-to-day networks and systems, for example.

Sophisticated pieces of malware and ransomware are designed to quickly infiltrate an entire network, exposing internal and possibly external systems and data. By creating an air-gapped copy of critical and sensitive data, organizations can protect themselves from external exposure, operational downtime, and the high costs associated with data recovery.

3. Maintain unalterable data using write-once, read-many (WORM)/immutable storage technologies

Most cybercriminals try to erase logs and history to hide their tracks. Technologies that provide unalterable data can be used to combat this problem, including WORM and immutable storage solutions. These offerings help maintain data integrity as well as business resilience against attacks designed to remove or alter data.

Multiple forms of WORM technology may be used at the hardware and software layers, ensuring data remains unaltered while also providing an electronic chain of custody.

4. Maintain efficient point-in-time copies and data verification

Efficient point-in-time technology is a valuable asset for maintaining multiple copies of data. Too often, attackers infiltrate and remain inside networks for months, infecting regular data along with backups. Point-in-time technologies provide continuous data verification, ensuring multiple copies of data are maintained. The technology may also be used to proactively identify possible breaches and automatically take corrective actions.

Point-in-time technology is also vital for effective backup and recovery processes. These types of solutions offer data verification and ensure the integrity of the backup or replicated data.

5. Unified dashboard and orchestrated reporting

Regulatory compliance and reporting can help organizations proactively manage and protect data. A solution that offers orchestrated reporting and a unified dashboard provide visibility and control of data, ensuring proper controls are in place. An additional benefit is that businesses can use this technology to ensure they meet compliance mandates and avoid expensive audits or penalties.

Additional practices for cyber resilience

There are also a number of ongoing, common-sense practices that organizations can implement in addition to the technologies above to create a solid cyber resiliency framework. Accenture recommends the following strategies to get the most out of cyber resiliency efforts:

1. Keep up on basic, routine tasks
   Organizations should stay on top of security maintenance tasks like patches, updates, and access permissions.
   
2. Take security refuge in the cloud
   Organizations that migrate systems and data to the cloud can benefit from multi-zone computing, elastic workloads, and multi-cloud strategies. This makes it much more difficult for criminals to find and steal data.
   
3. Implement data-centric security
   Data-centric security encompasses a variety of techniques designed to safeguard and manage data. It may include encryption, marking, tagging, tokenization, segmentation, throttle access, automated access decisions, and identity and access management.
   
4. Application development should include security
   Security should be integrated with every stage of the application development process. Employing a defined set of DevSecOps practices while also using automated scanning and testing will help continually identify possible vulnerabilities. Polymorphic coding techniques can also be useful for consistently shape-shifting the application attack surface for potential criminals.
   
5. Take advantage of software-defined networking (SDN)
   SDN enables organizations to shape-shift an entire network, making it even more difficult for criminals to find the data they are seeking. Routes and services may be changed in the middle of a session, an ideal practice for foiling adversaries.
   
6. Deploy proactive defense techniques
   Artificial intelligence (AI) and security automation and orchestration solutions are capable of detecting and responding at machine speeds. These technology tools may be used to continuously probe and test the networking environment to pinpoint vulnerabilities before they become an issue.

Creating a solid cyber resiliency framework through technology and a well-defined set of best practices should be a priority for every organization. It is an important part of digital transformation, and it also gives businesses a major competitive advantage.

The practice of developing a framework and deploying the right technologies and practices should be a company-wide effort involving all departments and stakeholders. This ensures cyber resiliency is properly integrated into all aspects of an organization and becomes an organic part of the business lifecycle and culture.

Learn how Accedian can help you build the right framework and functions around your cyber resiliency strategy.