Cyber Resilience: A Proactive Approach to Security
5 min read
Summary:
IoT in transportation is transforming the way we commute, manage fleets, and maintain roads. This technology has the potential to significantly improve traffic flow, public transit, and vehicle technology.
This blog post explores how IoT revolutionizes transportation through connected vehicles, intelligent transportation systems, and smarter fleet management.
Numbers Don’t Lie
While most organizations have some sort of protection against digital threats, recent studies show that what you have in place at the moment, might just not be enough. An astonishing 83% of organizations have experienced more than one breach and it is projected that by 2025, at least 75% of enterprises will face one or more ransomware attacks. Ransomware attack numbers have exploded in 2021 with a 95% increase compared to 2020. Although 2022 has seen a slight decrease, 2023 has so far been quite a good year for the ransomware industry. A certain number of companies budget for these attacks, and rely on their backups and data recovery plan. However, the reality of the situation is that an “old-fashioned” recovery from backups takes, on average, 23 days. When taking into account the ransom amount, money lost while not being able to operate, lost customers, and reputation damage, the average annual cost of a ransomware attack falls on the disturbing number of 5.2 million USD. Can you afford that?
UPDATE: Check out the latest worrying numbers on data breaches in our Unraveling Data Breach Expenses blog.
Cyber Security & Cyber Resilience
There is a certain level of misunderstanding when it comes to distinguishing between cyber security and cyber resilience. Cyber security protects an organization’s digital assets from attacks by focusing on cyber attack prediction, prevention, and response. Having cyber security measures, such as a good SIEM (Security Information and Event Management) system, and a DR (Disaster Recovery) plan, in place, does not mean that your organization is cyber resilient, or even safe from threats. The truth is, no cyber security solution can protect an organization 100%. Even more so with the latest attacks targeting the backups first and then the production systems. Since backups don’t directly influence day-to-day business activities, the attack goes unnoticed. And when the production systems are attacked, it’s already too late to do anything significant. Your organization no longer has the ability to recover, as even though backups exist, they are corrupted just like the production systems.
Cyber resilience, on the other hand, is an organization’s ability to withstand a cyber attack and limit service disruption, and data, infrastructure, and financial losses. We wouldn’t go as far as to compare cyber security and cyber resilience; we consider them together, as no organization can be cyber resilient without having proper cyber security mechanisms. Cyber resiliency requires the integration of cyber security measures to create an interconnected system that will protect the core business capabilities, detect risk surface changes and stay flexible in the world of evolving threats.
True Meaning of Being Cyber Resilient
FOUNDATIONAL SECURITY
Building strong systems requires strong foundations, and the foundation for cyber resilience is cyber security. SIEM, firewall, and antivirus software are a must, along with regular updates, employee training and compliance, and strong physical security measures.
IMMUTABILITY
The first building block is immutability, which means having secure immutable copies of data, copies that can not be changed, and very importantly, can not be deleted. We are seeing an increase in attacks that don’t have money as a goal, but instead – disruption. These kinds of attacks aim to completely wipe data, so that is why it is important to have logically or physically air-gapped copies of data to provide a recovery point following an attack.
DISCOVERY
Immutability is followed by discovery, which implies the continuous scanning of data copies to check whether they are infected. In the scenario where the backups are the attack vector, this might be the first activity to identify infected data. Other helpful activities that might provide indicators that something is not right are performance statistics or data reduction rates.
RECOVERY
After the attack has been discovered and mitigated, the next step is to start the recovery procedures to restore the crucial workloads in a matter of hours. Compare that to the average of 23 days needed to recover the “old-fashioned” way. Additionally, it is important to have an isolated environment to check data copies, before their recovery to the production environment.
AUTOMATION
Finally, automation is there to simplify the procedures and to help accelerate recovery times. Organizations can have more or less automation, ranging from simple user interfaces with orchestration, to solutions fully integrated with existing cyber security software and using automation engines such as Ansible.
Which Steps to Take?
The digital world is getting increasingly dangerous for both SMEs and large organizations, and comprehensive cyber resilience strategies are necessary. There are many factors that make a good strategy, but a good start would be to identify your Minimum Viable Company (MVC). MVC represents a set of business-critical workloads that are crucial for the business, and these need to be recovered within hours to keep the business running. Secondary workloads, that are just as important, but not crucial, can be recovered within days since their business impact is not severe as it would be for the MVC workloads.
MVC workloads most likely already have high availability or synchronous replication to ensure low recovery point and recovery time objectives (RPO and RTO). In our experience, to recover the critical workloads as quickly as possible, you should have immutable data copies on the array to complete the recovery within hours instead of weeks.
Secondary workloads should ideally have long-term data retention, where copies are off the array, and you can aim to recover in days.
There are solutions that claim to cover both, but practice shows that this approach is just not as safe as looking at the business from different perspectives and having a customized approach to each of the components.
IBM Cyber Resiliency Assessment
We understand that the digital world can get a bit intimidating and you just might not know where to start.
To solve that issue, IBM has developed the Cyber Resiliency Assessment (CRAT), a completely free, two-hour virtual workshop with IBM security experts and storage architects that will help your IT and security teams evaluate the current data protection state of your organization, identify strengths and vulnerabilities, and design a roadmap of recommendations to protect your business.
CRAT is based on the National Institute of Standards and Technology at the U.S. Department of Commerce (NIST) Security Framework, and the analysis and recommendations are confidential, vendor-neutral, and non-invasive without the need to install anything or run scripts. It could also be seen as a complimentary step to your organization’s Digital Operational Resilience Act (DORA) compliance strategy.
IBM experts will work with your team to:
- Review data backup, protection, and restoration procedures,
- Identify safeguards to prevent becoming a cyberattack victim, and
- Understand critical business outcomes and connect them to targeted cyber resiliency strategies.
As a result of the assessment, you’ll come away with a:
- Detailed assessment report of findings
- Roadmap of recommended improvements and considerations
- Management presentation, connecting practical methods to achieve your critical business outcomes.
IBM Storage Defender
If you have already completed your Cyber Resiliency Assessment, or you are simply looking for an all-encompassing cyber resiliency solution, IBM Storage Defender might be the right tool for you. It is an end-to-end cyber resiliency solution across your primary and secondary workloads. It leverages intelligent software from IBM and its ecosystem partners to help you to detect threats such as ransomware, exfiltration, and insider attacks, identify the safest recovery points and recover sooner.
There are many upsides to using the IBM Storage Defender, but the most important ones are:
Advanced threat protection
Continuously monitor, detect, and prioritize threats by data type.
Automated data resilience
Identify the safest points of recovery and orchestrate recovery across primary and secondary workloads.
Flexible consumption model
Storage Defender provides credit-based licensing for storage virtualization, data protection, threat detection, and hardware snapshots.
Compliance without compromise
Safely retain data longer to guard against dormant threats.
Built for hybrid cloud
Backup, restore, manage, and monitor across on-premises and cloud-based data storage.
Unified visibility
Determine your data resiliency status across all workloads with a single pane of glass control pane.
We can help with the first step
InnoBoost is an IBM Gold business partner, a level reserved for partners who deliver high-value transformative solutions and achieve the highest levels of customer satisfaction, technical and sales certifications, as well as sales success.
Our skilled, agile, and certified team prides itself on delivering an unparalleled experience to its customers. From system and solution design to configuration, from price negotiation with IBM to ordering and delivery tracking, we ensure a seamless business transition. We also arrange access to other partners and consultants as needed.
Contact us today to schedule your Cyber Resiliency Assessment and find out how your organization fares against modern digital threats.
You may also like…
How watsonx.ai Redefines Customer Service
5 min readSummary Customer service is where companies win the battle for brand loyalty. Traditional customer service suffers from inefficiency, lack of personalization, and inconsistency. But with the help of IBM watsonx.ai, these traditional support mechanisms are...
Homomorphic Encryption Is Changing the Healthcare Industry (Here’s How)
4 min readSummary The healthcare sector hasn’t remained immune to technological progress. From advancing medical research to delivering personalized medicine, these innovations are changing how we approach healthcare from the ground up. Data privacy and patient...
The Role & Effects of Homomorphic Encryption in Modern Data Security
4 min readSummary Slowly but surely, digital transformation is reshaping every aspect of our lives. As technological progress marches on, it’s easy to forget how important it is to keep our most sensitive information safe, especially in sectors like the healthcare...