This live stream is a conversation between Ed Bailey and Jackie McGuire on the growing significance of cyber resilience in today’s digital landscape. You’ll learn what cyber resilience means, why it’s important, and how to manage and improve it in an increasingly unpredictable world. With cyber threats becoming more sophisticated and frequent, cyber resilience has become critical to protecting personal and business assets. This discussion is perfect for anyone looking to better understand the importance of cyber resilience and how to safeguard against potential threats.
Cyber attacks are more of an inevitability for organizations nowadays than a possibility. Even if you somehow become the best manager of third-party risk the world has ever seen, there’s no way to guarantee that all of your third parties know how to properly manage all of their own third-party risks. Chances are that hackers will find a way in at some point, so it’s time we shift from an “if we are breached” approach to “when we are breached.”
So many business practices are reliant on internet connectivity today that if the security of those connections were compromised, the impact would be catastrophic. During the financial crisis of 2008, a lot of insurers and reinsurers nearly went bankrupt, but the cost of bailing them out from a catastrophic cyber attack today would make the financial crisis look like a drop in the bucket because it would be so widespread and leave virtually no industry untouched. Because of this, cyber resilience is a critical aspect of protecting personal and business assets.
It depends on who you talk to, but we like to define cyber resilience as the ability of an enterprise to limit the impact of incidents and control the business impact that may arise from a connectivity issue or system compromise.
It’s a relief to see governments and private organizations finally putting the same amount of resources towards security functions as they do to uptime and resilience of their IT systems. Treating security incidents the same way you would if a data center or router failed and understanding how to handle these types of situations is critical.
The best way to test your cyber resiliency is to simulate the loss of connectivity and security systems and actually understand what would happen in those situations, and that starts with an assessment of your infrastructure. This sounds like a really basic thing, but security is complex. It also evolves over time and ends up with more bolt-on pieces than IT does, making it even more important to have a roadmap to start from.
Not many organizations actually have a diagram of what their security stack looks like with all its different dependencies and notations of which tools are in the cloud vs on prem. You have to start here because you can’t make proper calls on how to respond to an incident if you don’t understand what your architecture looks like. Sure, you can simulate losing an ISP, but if Google, Amazon, or Microsoft is having a cloud outage, do you actually know which of your services run on which providers?
At the departmental level, figure out what happens if you lose connectivity: does everything just stop, or is there a manual system in place? Are there failovers from a data flow perspective? Consider taking control of the data flow by decoupling your data sources from their destinations so you can turn sources on or off and direct the firehose of data wherever you need to.
It’s also likely that some portion of your infrastructure is highly dependent on a vendor-specific agent. Suppose that vendor gets compromised or you need to redirect that data. In that case, it may be a good idea to have some type of data lake or bucket that the full stream of data goes into if it can’t go through your security analytics, just to have a place to store it so that you’re not losing it completely. We’ve even seen screenshots of compromised EDR consoles, which are responsible for an enormous amount of control — in these situations, it pays to know where your emergency shutoff valves are.
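An added example, not from the original discussion or from any product it mentions: a minimal inventory of sources, destinations and where each one runs, used to simulate losing a provider or vendor and report which data flows keep analytics, fall back to storage only, or are lost. All component, provider and vendor names are constructed placeholders.

```python
# Constructed inventory: every name below is a placeholder, not a real product.
# Each component records where it runs and which vendor (if any) it depends on.
COMPONENTS = {
    "edr-telemetry":  {"runs_on": "cloud-a", "vendor": "edr-vendor"},
    "firewall-logs":  {"runs_on": "on-prem", "vendor": None},
    "saas-audit":     {"runs_on": "cloud-b", "vendor": None},
    "siem":           {"runs_on": "cloud-a", "vendor": "analytics-vendor"},
    "archive-bucket": {"runs_on": "cloud-b", "vendor": None},
    "local-syslog":   {"runs_on": "on-prem", "vendor": None},
}

# Routes are kept separate from sources, so a destination can be switched
# without touching the source. Order is preference; "archive" marks storage
# that preserves the data but does no analysis.
ROUTES = {
    "edr-telemetry": [("siem", "analytics"), ("archive-bucket", "archive")],
    "firewall-logs": [("siem", "analytics"), ("local-syslog", "archive")],
    "saas-audit":    [("siem", "analytics")],  # no fallback defined
}

def is_up(name, failed):
    """A component is up if neither its hosting provider nor its vendor failed."""
    c = COMPONENTS[name]
    return c["runs_on"] not in failed and c["vendor"] not in failed

def simulate_outage(failed):
    """Return {source: (status, destination)} for a set of failed providers/vendors."""
    failed = set(failed)
    report = {}
    for source, dests in ROUTES.items():
        if not is_up(source, failed):
            report[source] = ("source-down", None)
            continue
        live = [(d, kind) for d, kind in dests if is_up(d, failed)]
        if not live:
            report[source] = ("data-loss", None)       # nowhere to send it
        elif live[0][1] == "analytics":
            report[source] = ("ok", live[0][0])
        else:
            report[source] = ("fallback-only", live[0][0])  # stored, not analyzed
    return report

if __name__ == "__main__":
    for scenario in (["cloud-a"], ["cloud-b"], ["analytics-vendor"]):
        print(scenario, simulate_outage(scenario))
```

Any source reported as `data-loss` is a flow with no emergency destination, which is the gap the paragraph above says to close before an incident.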
The federal government is going to lead the charge here. When the federal government mandates something, it trickles down to all their contractors and vendors, and then starts to proliferate through private enterprise.
We typically think of the government as being kind of archaic and behind the times, but due to the sensitivity of the information the government handles, they’re likely to get more involved in this issue early on. Our nuclear arsenal depends on data connections, so it’s probably a good thing if they’re on the ball with this particular issue.
Cyber insurers and reinsurers are likely to contribute here as well. Insurers that issued cybersecurity policies without doing due diligence on their customers’ infrastructure took a huge hit when ransomware exploded. As a result, they’re starting to mandate better practices and procedures and making it harder to get covered in the first place. You’ll have to show that you’re backing up your data, using multiple data centers, and that your whole infrastructure is set up properly to give you the best chance of avoiding cyber attacks.
Given the proliferation of cyber attacks in recent years, the cost of not doing anything in terms of cyber resiliency is significant. Watch the full video on Cyber Resilience: The Key to Security in an Unpredictable World to learn how Cribl Stream gives you more control over your sources and destinations of data, and easy access to the pipeline and shutoff valves you’ll need when an attack happens.