Maintaining business services in the face of cyberattacks


The pandemic radically changed how businesses operate – a move to hybrid working and an in-parallel switch to enhanced digital integration saw to that. However, it wasn’t straightforward. The tentative steps towards implementing digitized processes that had occurred pre-Covid-19 quickly accelerated into a run when the virus hit, with off-the-shelf solutions being hurriedly applied like digital sticking plasters.

Unfortunately, many were not fully fit for purpose. The result: digitization with holes.

Gaps in service continuity, while frustrating, are normally possible to identify. Security weaknesses, however, often only come to light once a cyberattack has occurred; no matter how good your threat hunting team is, you will always miss something.

The cybersecurity landscape is only going to get more complicated as widespread hybrid environments show no sign of abating, expanding the attack surface and increasing the asset management challenge. An expanding range of threats and the growing sophistication of bad actors are making life even more difficult for businesses, no matter how well-prepared they think they are against attacks. As a result, operational resilience – the ability to maintain service delivery by anticipating, withstanding, recovering and/or adapting to changing conditions – is now as much a boardroom concern as the attack itself.

Taking a complete view

A comprehensive understanding of how individual aspects of resilience add up to create a robust, unified methodology is essential if critical holes are to be avoided. The underlying issue is that organizations will need to prioritize limited resources towards protecting and improving important systems, but it’s difficult to identify which systems to focus on, beyond immediate functional needs, with only current siloed visibility and limited business context.

According to recent insights from Statista, during the third quarter of 2022 approximately 15 million data records were exposed worldwide through cyberattacks and incidents, an increase of 37% on the previous quarter. A number of factors were involved, including ongoing geopolitical turmoil, and none are likely to abate in 2023. The efforts to embed resilience at the heart of a business must be intensified.

Ransomware – the old enemy – remains a threat, as highlighted in our ‘2022 State of Security’ report, where 79% of organizations said they have experienced a ransomware attack and nearly half said an attack had led to a loss of data and system availability. Amongst these victims, just 33% restored from backups and refused to pay the ransom. Worryingly, the criminals are continuing to innovate and profit.

Mark Woods

Mark Woods is Chief Technical Advisor for EMEA at Splunk.

Raised to the power of three

We’re far beyond criminals merely encrypting data in return for a ransom. Attackers have long replaced that with more damaging two-step and three-step approaches that extort individuals and companies to protect their breached data and simultaneously paralyze the organization’s systems.

Cybercrime-as-a-Service, which has proliferated in recent years, also makes it possible for people with no technical expertise to participate in illegal activity; low-skilled cybercriminals can launch sophisticated attacks, at scale. Part of the answer is to ensure enterprises use the latest threat detection systems and processes in their security operations centers (SOC) so they can detect, prevent, monitor, investigate and respond to cyber threats, around the clock; but without a wider resilience framework, adapting to these threats is an implausible task.

Welcome to the machine

Operational resilience is an important concept for helping businesses handle adverse situations; the better it’s used to bring together, highlight and where relevant mitigate and/or respond to functional risks, the less likely it is that critical services or products fail. From a defense perspective, it’s essential to not only deploy the best possible combination of tools and systems but to be able to aggregate and understand impact in the context of the service/product being delivered. This means being able to share relevant context and insight between other functional and specialist teams at the right time, not just in retrospect; building towards adaptive proactivity rather than just optimizing reactivity.

Automation has an important role to play here, especially in the face of skills shortages. But even the smartest systems still need to be enhanced and updated, relying on the coverage and quality of data. The pressure is on businesses to develop and instigate protection strategies in an evolving and increasingly sophisticated threat landscape, but even automation ‘powered’ by machine learning will not address the problem on its own. A robust and data-enabled resilience framework can really make a difference - empowering experts to prioritize the mitigation of threats and optimize responses, including automation, based on a real and adapting business context.

It’s also true that leadership around resilience isn’t always clear. Many organizations are asking their chief technology officers (CTOs) to lead the overall resilience charge, while others are looking to CISOs to take on the responsibility. Cybercriminals exploit holes and that includes ones at the C-Suite level. For the best results, the two roles need to be working in tandem through centralized, unsiloed oversight with a clear and resourced mandate, to deliver greater efficiency, stronger resilience and better service-focused insights. Operational resilience starts at the top or it doesn’t start at all - but its ongoing success is reliant on a shared framework and data that enables critical functional teams, like security and IT, to contribute and improve services bottom-up.


Mark Woods is the Chief Technical Advisor at Splunk. He helps executive teams and international policy makers understand the seismic effect that data-driven approaches can achieve.
