Joseph Martinos

Preparing for the Unknown: The Essence of Cyber Resilience


Robert S. Mueller III, former Director of the FBI and the current Special Counsel investigating Russian interference in the US election, famously stated, 'There are only two types of companies: Those that have been hacked and those that will be hacked.' This thought-provoking quote underscores the inevitable reality that virtually every company will, at some point, face the threat of a cyberattack.

In this context, it is vital to recognize that while defenders tirelessly work to protect their digital realms, adversaries need just one successful breach to unleash chaos. This compels us to confront fundamental questions: Can our company not only endure a cyberattack but also maintain operational effectiveness throughout the ordeal? Will it ultimately emerge from such a crisis intact? This is where the concept of Cyber Resilience comes to the forefront.


Understanding the foundations of Cyber Resilience


According to NIST SP 800-160, VOL. 2, REV. 1, "Cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources."


NIST SP 800-160, VOL. 2, REV. 1 defines the following 4 Goals in its cyber resiliency engineering framework:

  • Anticipate: Anticipating potential threats and vulnerabilities is the first step in building cyber resiliency. This involves continuously monitoring the threat landscape, staying informed about emerging threats, and conducting risk assessments to identify vulnerabilities within an organization's digital infrastructure.

  • Withstand: Secure the capacity to sustain critical business or mission operations in the face of adversity. To attain this objective, it is vital to pinpoint the critical missions or business functions within the organization.

  • Recover: Recover operational capabilities during and after cyberattacks. This might involve not only restoring systems and data but also analyzing the attack to learn from it and improve future defenses.

  • Adapt: Adapting to new threats, technologies, and vulnerabilities is essential for long-term cyber resilience. Modifying mission or business functions might be necessary in light of changes in the technical environment.

In addition to the 4 Goals presented, the framework includes 8 objectives and 14 techniques.

Objectives are precise declarations outlining what a system aims to accomplish within its operational context and over its entire life span to satisfy stakeholder requirements for mission assurance and robust security.

Techniques refer to collections or categories of practices and technologies designed to attain specific goals or objectives by offering capabilities.


Source: MITRE CREF Navigator*


The hierarchy of cyber resiliency goals and objectives depends on the mission or business goals. As a result, the choice of particular cyber resiliency techniques and methods is influenced, at least in part, by the relative importance of the objectives they uphold.


Useful Tool from MITRE


In February 2023, MITRE launched the Cyber Resiliency Engineering Framework Navigator.

It is a visualization tool that helps organizations better structure their cyber resiliency strategies. The tool is based on NIST SP 800-160 and can be used by solution architects and cybersecurity professionals to embed cyber resiliency in their systems.

The navigator can also be used to check the relationships between the different components of the cyber resilience framework.




Source: MITRE CREF Navigator*


Benefits of Cyber Resilience

  • Enhanced Security Posture: Cyber resilience is proactive rather than reactive, focusing on identifying vulnerabilities and weaknesses in a system before they can be exploited. This approach helps organizations strengthen their overall security posture by continuously improving their defenses against evolving cyber threats. By assessing, monitoring, and adapting to potential risks, organizations are better equipped to withstand attacks and protect their digital assets.

  • Customer Trust and Reputation Management: Cyber resilience contributes significantly to building and maintaining customer trust. When customers are assured that their data is secure, they are more likely to engage with an organization and remain loyal to its services. A reputation for strong cyber resilience can differentiate an organization from its competitors, attracting customers who prioritize security and data privacy.

  • Stakeholder Confidence: Cyber resilience strengthens the confidence of stakeholders, including investors, partners, and board members. Demonstrating a strong cybersecurity posture provides assurance that the organization is proactive in managing risks and protecting its interests. This confidence can translate into increased investments, partnerships, and collaboration opportunities, further fuelling the organization's growth and sustainability.

  • Cost-Effectiveness: While investing in cyber resilience measures requires an upfront investment, the long-term benefits outweigh the initial costs. Proactive measures, such as regular vulnerability assessments and staff training, are more cost-effective than dealing with the fallout of a successful cyber attack.

Don't confuse Cyber Resilience with Business Continuity


It's essential not to confuse Cyber Resilience with Business Continuity. These are two distinct but interrelated concepts that serve different yet complementary purposes within the realm of organizational preparedness. Below is a summary table showcasing the key differences between Cyber Resilience and Business Continuity (BCP), highlighting their distinct purposes, scopes, components, and impacts on organizations:

| Aspect | Cyber Resilience | Business Continuity |
| --- | --- | --- |
| Definition | The ability to prepare for, respond to, and recover from cyber threats while ensuring business continuity. | The ability to maintain essential business operations in the event of disruptions, including cyber threats. |
| Scope | Primarily focused on adapting to cyber threats and mitigating their impact | Encompasses a broader range of disruptions, including natural disasters and others. |
| Purpose | Mitigate cyber risks and protect digital assets, data, and systems | Ensure the overall continuity of business operations in case of various disruptions |
| Timeframe | Emphasizes real-time responses and proactive measures to mitigate immediate threats. | Focused on short-term and long-term continuity strategies, including recovery and restoration. |
| Focus | Cybersecurity measures, including threat detection, prevention, and mitigation. | Wider-reaching strategies that include disaster recovery, incident response, and IT resilience planning. |
| Components | Continuous monitoring, vulnerability assessments, incident response planning, employee training, and more. | Backup and recovery solutions, off-site data storage, crisis communication, and infrastructure redundancy |
| Applicability | Relevant to any organization that relies on digital assets and systems. | Primarily focused on businesses that require uninterrupted operations for success. |
| Cost-Effectiveness | May require an initial investment in cybersecurity measures but helps mitigate long-term financial losses. | Investments may include disaster recovery planning, redundant systems, and other continuity measures. |

In conclusion, as technology continues its relentless advance, the inescapable reality of cyberattacks becomes increasingly apparent. Organizations must stand prepared, acknowledging the potential for their systems to be breached and compromised. It is imperative for them to not only acknowledge this potential but to rigorously assess their capacity to endure and sustain operations in the face of such adversity.

