Over the years of living a digital life, our perception of security has changed completely. Just a few years ago, we perceived cybersecurity as a “technical issue”; now we prioritize and acknowledge it as one of the key problems and threats to an organization’s existence. Today, everything in the digital world is interconnected, and so are cybersecurity and resilience. Security tries to prevent a problem before it happens, or to manage one that has already happened; resilience comes from a different perspective. It answers the question of how to recover once the problem has occurred, has been brought under control or resolved, and operations now have to continue.
Why resilience matters
Resilience stands for a design that enables quick recovery. One of the greatest preventive tools for stopping attackers is to lay out a system within the organization that is complex enough to force attackers to spend a lot of time trying to penetrate it. Time is money: more time spent on an attack means a higher cost of penetration for the attacker. Building a resilient system increases the chance that attackers give up at some point or hit a wall, which is a direct expression of the system’s security posture. Then resilience kicks in: resilient environments also have backups, redundant systems, disaster recovery points, and a place to recover to.
Resilience doesn’t equal robustness
It is essential to understand that, while resilience is the ability to recover from failures and continue to function, it does not include avoiding failures. One of the critical principles of resilient systems is the acceptance that failure is unavoidable and must be dealt with. Still, an organization can respond to failures in a way that avoids downtime or loss. That feature distinguishes resilience from robustness, the capability to resist a failure, and from antifragility, the capacity to grow from failure.
When an organization is more open to different solutions, bringing different aspects of resilience into its systems provides more recovery options. The cloud has become an essential part of resilience, because resilience is embedded in its system design, and it is a cornerstone of many efforts to build more resilience into the organization. For example, the distributed nature of the cloud lets the organization distribute its data resources easily and protect the data properly. Relying only on data centers that keep all data copies at a single location makes the data very simple to locate and therefore very vulnerable to a range of threats.
Identifying four dimensions of the threat timeline
Enabling resilience in an organization, and at the different levels of government organizations, involves four different views that organizations need to consider when they build their resilience capabilities.
Geostrategic resilience adds thinking about strategic control over the resources you are protecting. Resources targeted under this threat usually have strategic importance to the attacker, and control over them is usually not activated immediately but deferred until the moment it becomes strategically valuable to the attacker. To achieve geostrategic resilience, organizations should form partnerships and coalitions with technology providers that can supply capabilities to protect the organization’s valuable resources, including innovative solutions that move, protect, and store the resources at locations that are not so reachable for the attacker.

Operational resilience is a set of measures that prevent the attacker from gaining operational control over the target resources. It also provides insight into targeted critical infrastructure and the response from the targeted objects. The best protection includes digital twin management systems that maintain control over the environment: where you assume an issue with the primary resources, you can easily switch to “alternative” systems that are fully operationally identical to the primary ones.

Cyber resilience is vital for the time when the attacker starts to activate command-and-control capabilities over resources; it is usually visible because your defending systems start to receive early indicators of massive cyber activity. An essential part of the protection methods includes Security Operations Centers and the deployment of integrated threat intelligence tools.

Crisis resilience plays a significant role when we respond to a manifestation of damaging activities on targeted resources, where the attack can manifest itself through physical destruction (like a flood or an earthquake) or through cyber activities. Crisis management includes emergency management and response systems.
When it comes to building resilient systems, different models apply. For example, Estonia has embraced the “Data Embassy” concept of data protection by moving data to third-party locations. Adding these embassy locations is not only good for the data; in the future it should work for processes, services, and applications as well. Estonia uses a hybrid cloud, a mixed computing, storage, and services environment made up of on-premises infrastructure, private cloud services, and a public cloud, keeping data both within and outside the country. This makes you ready for a crisis instead of relying on emergency services every time a crisis happens.
When using the cloud, the relationship between the client and the provider must start with trust. The cloud is not a single location, so verification of all information in terms of confidentiality, integrity, availability, and so forth is vital. The cloud must provide a security and resilience continuum.
All this does not mean that an organization should neglect cybersecurity investments that protect from an attack before it happens. Microsoft recommends the Zero Trust security approach to achieve the best level of cybersecurity. But after an attack, some system components will need recovery; recovery can be performed on different infrastructure, and if needed, everything can be rebuilt from scratch.
To conclude, a new way of thinking should be embraced to build cybersecurity and cyber resilience that enable organizations to detect and prevent threats. It is not just about how we protect but also about how we recover. That comprehensive approach calls for the help of organizations with additional capabilities, the right tools, and expertise.