Cyber Resilience: A Proactive Approach to Security

2023-08-18

5 min read

Summary:

IoT in transportation is transforming the way we commute, manage fleets, and maintain roads. This technology has the potential to significantly improve traffic flow, public transit, and vehicle technology.
This blog post explores how IoT revolutionizes transportation through connected vehicles, intelligent transportation systems, and smarter fleet management.

Numbers Don’t Lie

While most organizations have some sort of protection against digital threats, recent studies show that what you have in place at the moment, might just not be enough. An astonishing 83% of organizations have experienced more than one breach and it is projected that by 2025, at least 75% of enterprises will face one or more ransomware attacks. Ransomware attack numbers have exploded in 2021 with a 95% increase compared to 2020. Although 2022 has seen a slight decrease, 2023 has so far been quite a good year for the ransomware industry. A certain number of companies budget for these attacks, and rely on their backups and data recovery plan. However, the reality of the situation is that an “old-fashioned” recovery from backups takes, on average, 23 days. When taking into account the ransom amount, money lost while not being able to operate, lost customers, and reputation damage, the average annual cost of a ransomware attack falls on the disturbing number of 5.2 million USD. Can you afford that?

 

UPDATE:  Check out the latest worrying numbers on data breaches in our Unraveling Data Breach Expenses blog.

Cyber Security & Cyber Resilience

There is a certain level of misunderstanding when it comes to distinguishing between cyber security and cyber resilience. Cyber security protects an organization’s digital assets from attacks by focusing on cyber attack prediction, prevention, and response. Having cyber security measures, such as a good SIEM (Security Information and Event Management) system, and a DR (Disaster Recovery) plan, in place, does not mean that your organization is cyber resilient, or even safe from threats. The truth is, no cyber security solution can protect an organization 100%. Even more so with the latest attacks targeting the backups first and then the production systems. Since backups don’t directly influence day-to-day business activities, the attack goes unnoticed. And when the production systems are attacked, it’s already too late to do anything significant. Your organization no longer has the ability to recover, as even though backups exist, they are corrupted just like the production systems.

Cyber resilience, on the other hand, is an organization’s ability to withstand a cyber attack and limit service disruption, and data, infrastructure, and financial losses. We wouldn’t go as far as to compare cyber security and cyber resilience; we consider them together, as no organization can be cyber resilient without having proper cyber security mechanisms. Cyber resiliency requires the integration of cyber security measures to create an interconnected system that will protect the core business capabilities, detect risk surface changes and stay flexible in the world of evolving threats.

 

True Meaning of Being Cyber Resilient

FOUNDATIONAL SECURITY

Building strong systems requires strong foundations, and the foundation for cyber resilience is cyber security. SIEM, firewall, and antivirus software are a must, along with regular updates, employee training and compliance, and strong physical security measures.

IMMUTABILITY

The first building block is immutability, which means having secure immutable copies of data, copies that can not be changed, and very importantly, can not be deleted. We are seeing an increase in attacks that don’t have money as a goal, but instead – disruption. These kinds of attacks aim to completely wipe data, so that is why it is important to have logically or physically air-gapped copies of data to provide a recovery point following an attack.

DISCOVERY

Immutability is followed by discovery, which implies the continuous scanning of data copies to check whether they are infected. In the scenario where the backups are the attack vector, this might be the first activity to identify infected data. Other helpful activities that might provide indicators that something is not right are performance statistics or data reduction rates.

RECOVERY

After the attack has been discovered and mitigated, the next step is to start the recovery procedures to restore the crucial workloads in a matter of hours. Compare that to the average of 23 days needed to recover the “old-fashioned” way. Additionally, it is important to have an isolated environment to check data copies, before their recovery to the production environment.

AUTOMATION

Finally, automation is there to simplify the procedures and to help accelerate recovery times. Organizations can have more or less automation, ranging from simple user interfaces with orchestration, to solutions fully integrated with existing cyber security software and using automation engines such as Ansible.

Which Steps to Take?

The digital world is getting increasingly dangerous for both SMEs and large organizations, and comprehensive cyber resilience strategies are necessary. There are many factors that make a good strategy, but a good start would be to identify your Minimum Viable Company (MVC). MVC represents a set of business-critical workloads that are crucial for the business, and these need to be recovered within hours to keep the business running. Secondary workloads, that are just as important, but not crucial, can be recovered within days since their business impact is not severe as it would be for the MVC workloads.

MVC workloads most likely already have high availability or synchronous replication to ensure low recovery point and recovery time objectives (RPO and RTO). In our experience, to recover the critical workloads as quickly as possible, you should have immutable data copies on the array to complete the recovery within hours instead of weeks.

Secondary workloads should ideally have long-term data retention, where copies are off the array, and you can aim to recover in days.

There are solutions that claim to cover both, but practice shows that this approach is just not as safe as looking at the business from different perspectives and having a customized approach to each of the components.

IBM Cyber Resiliency Assessment

We understand that the digital world can get a bit intimidating and you just might not know where to start.
To solve that issue, IBM has developed the Cyber Resiliency Assessment (CRAT), a completely free, two-hour virtual workshop with IBM security experts and storage architects that will help your IT and security teams evaluate the current data protection state of your organization, identify strengths and vulnerabilities, and design a roadmap of recommendations to protect your business.

CRAT is based on the National Institute of Standards and Technology at the U.S. Department of Commerce (NIST) Security Framework, and the analysis and recommendations are confidential, vendor-neutral, and non-invasive without the need to install anything or run scripts. It could also be seen as a complimentary step to your organization’s Digital Operational Resilience Act (DORA) compliance strategy.

IBM experts will work with your team to:

  • Review data backup, protection, and restoration procedures,
  • Identify safeguards to prevent becoming a cyberattack victim, and
  • Understand critical business outcomes and connect them to targeted cyber resiliency strategies.

As a result of the assessment, you’ll come away with a:

  • Detailed assessment report of findings
  • Roadmap of recommended improvements and considerations
  • Management presentation, connecting practical methods to achieve your critical business outcomes.

IBM Storage Defender

If you have already completed your Cyber Resiliency Assessment, or you are simply looking for an all-encompassing cyber resiliency solution, IBM Storage Defender might be the right tool for you. It is an end-to-end cyber resiliency solution across your primary and secondary workloads. It leverages intelligent software from IBM and its ecosystem partners to help you to detect threats such as ransomware, exfiltration, and insider attacks, identify the safest recovery points and recover sooner.

There are many upsides to using the IBM Storage Defender, but the most important ones are:

Advanced threat protection

Continuously monitor, detect, and prioritize threats by data type.

Automated data resilience

Identify the safest points of recovery and orchestrate recovery across primary and secondary workloads.

Flexible consumption model

Storage Defender provides credit-based licensing for storage virtualization, data protection, threat detection, and hardware snapshots.

Compliance without compromise

Safely retain data longer to guard against dormant threats.

Built for hybrid cloud

Backup, restore, manage, and monitor across on-premises and cloud-based data storage.

Unified visibility

Determine your data resiliency status across all workloads with a single pane of glass control pane.

an image explaining all the uses of iot in industrial automation

We can help with the first step

InnoBoost is an IBM Gold business partner, a level reserved for partners who deliver high-value transformative solutions and achieve the highest levels of customer satisfaction, technical and sales certifications, as well as sales success.

Our skilled, agile, and certified team prides itself on delivering an unparalleled experience to its customers. From system and solution design to configuration, from price negotiation with IBM to ordering and delivery tracking, we ensure a seamless business transition. We also arrange access to other partners and consultants as needed.

Contact us today to schedule your Cyber Resiliency Assessment and find out how your organization fares against modern digital threats.

You may also like…

InnoBoost’s Blueprint for Seamless AI Integration

InnoBoost’s Blueprint for Seamless AI Integration

4 min readSummary Implementing artificial intelligence (AI) has quickly become a central focus for almost every company. They, too, want the piece of the cake, to integrate it, to reap its sweet rewards through enhanced productivity, reduced costs, and greater profit....

How InnoBoost Merges AI with IoT for Future Applications

How InnoBoost Merges AI with IoT for Future Applications

5 min readSummary Rarely has there been a technology that transformed industries as much as the Internet of Things (IoT). From smart homes that adjust to our preferences to factories where machines predict their own maintenance, it has ushered in an era of...