The emergence of destructive cyberattacks has given rise to the increasing use of the term “cyber resilience”. But what exactly does it mean? And how does an organization become cyber resilient?
Many organizations will readily invest in preventative and detective technologies, in the hopes it will provide a virtual castle-and-moat against the increasing volume and sophistication of cyberattacks. Yet, the pervasiveness of adversaries continues, with the recent M&S, Harrods, and Co-op attacks of late just another example that tech investments don’t necessarily result in a winning hand.
True cyber resilience lies beyond simply deploying a tech solution off-the-shelf; it’s about how these solutions are used, your company culture, and whether you have the necessary skills and processes to maintain it.
Yet, many IT and security teams continue to operate in silos that leave their business vulnerable. In fact, our research found that 31% of IT and security professionals consider collaboration between their IT and security teams “weak,” while two in five (40%) report that collaboration between the teams continues to stagnate – or even decline.
While it’s right to establish distinction between IT and security teams, they must have the muscle memory and lines of communication required to minimize disruption and accelerate recovery in a time of crisis.
So, how can IT and security teams work together to ensure the right governance, processes, and technologies are in place to respond to crises and build long-term resiliency?
Vice President of Cyber Resiliency Strategy at Cohesity.
Incident response: The foundations for resiliency
An effective incident response strategy will be the foundational thread that brings together your people, processes and technology. A critical first step is to define key responsibilities – your security team, for example should focus on detecting the breach, containing its spread, and identifying the entry point.
Meanwhile, your IT team should focus on remediation and ensuring business continuity. Responsibilities should include managing the response to system outages, restoring critical infrastructure, re-setting authentication tokens and passwords, deleting malicious accounts, and installing software patches.
IT and security teams must agree on policies for governance and incident escalation, ensuring this is put into practice from the outset. Communication is one of the first things to break in a crisis, so it’s vital to establish communication protocols and capabilities. How will you talk? How often? What happens when a major decision needs to be made? Do you have a joint workflow for an attack?
A shared document outlining specific responsibilities, key contacts, escalation paths, and recovery strategies will provide the foundations for both teams to move quickly and act methodically, even when emotions are running high.
Building a ‘shared responsibility model’
An effective incident response strategy should also include the creation of a ‘shared responsibility model’, which establish clear, step-by-step procedures for responding to cyberattacks.
As part of this, businesses should consider setting up a Clean Room, which is an isolated, secure environment where IT and security teams can align on investigation and remediation without the risk of reinfection. This controlled space would allow teams to analyze the attack, build a timeline, and develop a recovery plan that removes the threat and prevents reinfection.
Once systems are confirmed as clean and data recovered, it can be moved to a staging area for testing before being reintroduced into live systems. This may take longer than stakeholders would like, but the cost of improper recovery could ultimately result in systems being hit again and taken down for longer.
Fostering greater IT and security alignment
A healthy competitiveness often exists between IT and security teams. IT wants to innovate, while security wants to lock things down. These teams are made up of brilliant minds. However, faced with the pressure of a crisis, simmering issues may come to a head, or they may become so fixated on solving the issue that they fail to update others.
To build an effective incident response strategy, identifying a shared vision is essential. Leadership should host joint workshops in which teams learn more about each other and share ideas about embedding security into system architecture. Furthermore, these sessions should simulate real-world crises, ensuring that each team is familiar with how their roles intersect during a high-pressure situation and feel comfortable when an actual crisis arises.
Measuring incident readiness and resiliency
Most importantly, IT and security teams should continuously benchmark against a cyber resiliency maturity model to optimize their people, process, and technology. While there are the classic measures like Mean Time to Detect, Mean Time to Respond, and Mean Time to Remediate to ensure teams are working towards something, for me, it’s about assessing readiness through structured activities.
By simulating realistic scenarios – from ransomware incidents to malware attacks – those in leadership positions can directly test and measure the incident response plan so it becomes an ingrained process. Throw in curveballs when needed, and use these exercises to identify gaps in processes, tools, or communication.
Remember that cyber resilience is like a chain – the capability of the weakest link will drag down your overall level of cyber resilience. Therefore, my key takeaway is this: create shared purpose, simplify escalation paths by giving frontline responders clear roles, automate what you can, and ensure communications channels are streamlined and always available. If you can overcome occupational silos and get security and IT working together, most other issues will cease to exist.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.