Twelve Steps to Cyber Resiliency
Author: Derek Mankey, Fortinet
Re-published from December 22, 2023
Improving cybersecurity resiliency is crucial for modern organizations protecting themselves against today’s evolving cyberthreats. The question is no longer if you’ll be attacked but when. So the key issue organizations need to grapple with is, “What happens then?”
As always, the building blocks are technologies, people, and processes. But how they’re implemented and what they include are what make the difference between successfully navigating a concerted attack and struggling to recover. Remember, cybersecurity is a moving target, and resiliency and adaptability must be at the core of your strategy.
Here are a dozen key measures every organization should adopt to enhance their cybersecurity resiliency.
Four Strategic Building Blocks for Creating Resilient Cybersecurity
- Build a robust cybersecurity culture: Develop a culture of cybersecurity awareness throughout your organization. This starts with ensuring that employees at all levels are aware of common cyber risks and understand their role in maintaining security. This should include conducting regular cybersecurity training sessions, implementing phishing simulations, and building awareness programs to keep your workforce informed and vigilant on the latest threats.
- Dismantle internal silos: Foster collaboration and communication among different departments, especially between your network operations center (NOC) and security operations center (SOC) teams. This ensures a unified approach to cybersecurity and reduces response times in the face of threats.
- Collaborate and share threat intelligence: Engage in collaborative efforts and share threat intelligence with industry peers, law enforcement agencies, and relevant cybersecurity organizations. This collective approach will allow you to stay informed about emerging threats and adopt proactive measures. The new Cybercrime Atlas project—hosted by The World Economic Forum with support from Fortinet, Microsoft, PayPal, and Santander—gathers and collates information about the cybercrime ecosystem and is a good example of the power of collaboration to disrupt cybercriminal activity.
- Creatively address the cybersecurity skills gap: The shortage of skilled professionals is a significant challenge, approaching 4 million open positions worldwide. Pursuing only “traditional” candidates with previous cybersecurity experience or a degree in a related field is no longer an effective hiring strategy. You need to invest in training and upskilling your existing workforce and look outside your normal hiring channels. You should also provide opportunities for continuous learning and certification programs to keep your teams well-equipped to handle evolving threats.
Eight Tactical Next Steps for Improving Your Cybersecurity
- Develop and test an incident response plan: Create a comprehensive incident response plan and related playbooks that outline the steps to take in the event of a cybersecurity incident. But a plan sitting in a drawer is of little value. You also need to regularly test and update your plans to ensure their effectiveness. This includes conducting simulated exercises, such as tabletop drills, to allow your key stakeholders to practice and refine their responses to different types of cyberthreats.
- Create a cybersecurity incident communication plan: Develop a communication plan that outlines how the members of your organization will communicate with internal and external stakeholders in the event of a cybersecurity incident. Clearly define roles, responsibilities, and chains of command to ensure a coordinated and transparent response.
- Invest in an advanced security technology platform: Stay ahead of cyberthreats by investing in advanced security technologies. Next-generation firewalls, intrusion detection and prevention systems, endpoint protection, and security information and event management (SIEM) solutions are essential, but less effective when operating in siloes. Look for systems and platforms designed to function as an integrated system to enhance responsiveness, reduce vendor sprawl, enhance visibility and control, and centralized management. This holistic security approach should also support new technologies, such as the SASE/SSE solutions you are deploying to connect and protect your expanding edge and work-from-anywhere environments. At the same time, any platform under consideration needs to include integrated artificial intelligence (AI) and machine learning (ML) technologies to accelerate threat detection, analysis, and response anywhere across your distributed network.
- Implement multi-factor authentication (MFA) and zero-trust network access (ZTNA): Enforce MFA for accessing sensitive systems and data. MFA adds an extra layer of security by requiring your users to verify their identity through multiple means, such as passwords, biometrics, or smart cards. This significantly reduces the risk of unauthorized access, even in the event of compromised passwords. Adding ZTNA enhances secure access to sensitive resources by providing encrypted tunnels, granular access controls, per-application access, and ongoing connection monitoring.
- Regularly update and patch systems: Despite years of guidance, this continues to be one of the top threats to network security and integrity. Regularly patching vulnerabilities is a fundamental measure to prevent exploitation by cybercriminals. It is imperative that you keep all software, operating systems, and applications up to date with the latest security patches. Start by establishing a patch-management process to streamline updates and ensure timely implementation. Look to leverage AI and other systems to automate tedious patching tasks.
- Conduct regular security audits and assessments: Perform regular security audits and risk assessments to identify vulnerabilities and weaknesses in your organization’s infrastructure. This proactive approach helps in addressing potential issues before they can be exploited by threat actors. Consider leveraging outside groups to help identify issues that your internal team may overlook.
- Segment your network and regularly back up data: Implement a robust data backup and recovery strategy. Regularly back up critical data and ensure that backups are stored in secure, isolated environments off-network. This ensures that, in the event of a ransomware attack or data loss, your organization can quickly recover essential information. Similarly, robust network segmentation ensures that the impact of a breach is limited in scope, aiding in the rapid recovery of your network while maintaining business resiliency.
- Evaluate and enhance third-party security: Assess and monitor the cybersecurity practices of third-party vendors and partners, such as your supply chain providers. Ensure that they adhere to the same high-security standards as your organization to prevent potential security gaps through external connections.
A holistic and proactive approach to cybersecurity is essential to keeping ahead of today’s ever-evolving threat landscape. By implementing these measures, your organization can significantly enhance its cybersecurity resiliency, readily adapt to emerging threats, and minimize the impact of cyber incidents.