With a cyberattack occurring every 39 seconds, building cyber resilience is never far from our thoughts. Threat intelligence and detection, zero-trust security, and regulations are all striving to predict and catch incidents early. However, cyber threats are evolving as fast as, maybe faster than, security technologies, challenging them at every step and frequently winning. Hence cyber resilience cannot only be about stopping attacks at the door; organisations built to last should focus equally on responding, recovering and rebuilding after the inevitable disaster. With multiple industries considered critical to national and global security and stability, national governments and regulators have increased their focus on bringing in systems and practices that improve cyber resilience, backed by accountability at board and executive level. This has gained further traction because of the geopolitical developments we keep seeing.
This piece highlights three essentials in a robust recovery strategy:
Incident Response
An incident response mechanism enables organisations to respond swiftly to cybersecurity attacks by listing the protocols and procedures to identify, investigate and address cyber events in real time. Since every minute counts, security teams need to act with speed to stop the attacker from causing further damage. A comprehensive incident response plan (IRP) enables this through a well-defined and maintained call tree that assigns clear roles and responsibilities to the incident response team: for example, who should be alerted first in the event of an attack, what they should do immediately thereafter, and which leader will provide sponsorship. A business impact analysis and cybersecurity maturity assessment identify, among other things, the key assets (crown jewels) to be protected, and the reporting, compliance and insurance requirements that must be addressed through a risk-based approach.
The list of attack vectors is growing day by day. By outlining different attack scenarios and the right response for each, an IRP helps organisations prioritise their actions based on the specific threat they are encountering; it also trains their focus on the most important threats in their business – for example, OT (operational technology) risks in manufacturing, or phishing in financial services. An IRP also brings clarity to enterprises’ understanding of security incidents, which accelerates response. But to remain effective against evolving threats, it needs to be revisited, modified and improved regularly; it also requires a coordinated effort across functions, from IT to legal to communications.
Data backup
In 2024, the global average cost of a data breach reached an all-time high of $4.88 million.
One contributor is weak data backup practices: only 41 percent of enterprises did a daily backup, said a 2020 report; another report says 60 percent of data backups fail in times of need and 50 percent of data recovery efforts are found wanting. In a darkly humorous twist, 31st March is designated World Backup Day, perhaps as a timely reminder to guard against cyber pranks on April 1st.
But this is no laughing matter. Alongside incident response, data backup (and regular testing of it) determines how fast an organisation can get back to business after a cyberattack. Specifically, sound data backup practices minimise downtime by quickly restoring data and operations to normal after a breach, a ransomware attack (organisations can fall back on the copy and avoid paying the ransom), or an erroneous deletion; they are also required for regulatory compliance, balancing security and privacy expectations.
Business continuity
While nearly 90 percent of organisations list resilience among their top priorities, only 70 percent are confident that they can handle disruptions. A business continuity plan (BCP) improves an enterprise’s ability to maintain essential operations, or at least rebuild them quickly, when struck by a disruptive force of any kind, including cyberattack. Like an IRP, a BCP provides clear processes and procedures, as well as roles and responsibilities, to keep the business running during an adverse event, and make a quick recovery; it is tightly coupled with the disaster recovery plan, which is aimed at getting IT systems and services up and running after an incident.
With a scope that may also include maintenance of communication, data protection, and employee safety, a comprehensive BCP reduces downtime, and financial and reputational loss to the organisation. Accordingly, its components include risk assessment, communication plans, backup and recovery strategies, and a program for testing and updating protocols.
Incident response, data backup and business continuity are key aspects of cyber resilience. However, they should be viewed through a long-term perspective to remain effective against evolving cybersecurity threats.
Authored by Brijesh Balakrishnan, Vice President & Global Head of CyberSecurity Practice, Infosys