Forget moats and walls – being cyber secure, like maintaining your health, is about resilience.
- Through adopting resilience as a guiding principle in cybersecurity, you can mitigate damage and speed up recovery
- A company should develop an understanding of the type of breaches it is susceptible to and deploy measures to prevent and when required, detect, and respond to accordingly
- Cybersecurity resilience is the cornerstone of a successful cybersecurity strategy, made possible by next-generation cognitive technologies
- Cybersecurity resilience is more comparable to a healthy body that, from time to time, must face disease or injury, and is incredibly useful when the situation calls for detection, response, and recovery
Prevention is better than cure or so the saying goes. It is considered a fundamental principle of modern health care. For example, if you catch something before it becomes a serious problem, you could enjoy a long and healthy life. However, the COVID-19 pandemic has demonstrated that even with diligent application of preventative measures, breakthrough infections still occur and when they do, your general health significantly affects the severity and outcome
How does the analogy of healthcare link to cybersecurity? Gijima, as a leading cybersecurity provider, believes that good cybersecurity isn’t only about prevention but requires increased focus applied to detection and response to be resilient.
“Resilience is about balance” explains Lukas van der Merwe, Specialist Sales Executive: Security at Gijima. “Prevention remains vitally important – you must attempt to stop attackers before they achieve success. The challenge is that the increased frequency and complexity of cyber-attacks suggests that a breach is almost inevitable. This is where the healthcare comparison becomes relevant. It doesn’t matter how well you look after yourself. You are bound to catch an illness or suffer injury. You cannot stay 100% safe, but you can build your
resilience to mitigate damage and speed up recovery. The same with your cybersecurity system, you have to build into it a strong element of resilience.”
Time is on the criminals’ side
Like a sneaky virus, it is often difficult to immediately discover a breach especially if it’s the first time it hits. Dwell time – which is the amount of time between a breach and detecting that breach – can vary considerably. Some estimates go as low as 30 days, while others speak of dwell times lasting more than a year.
Dwell time depends a lot on the type of breach, the target, and the criminals. For example, it took a year before the 2019 breach that hit the Texas-based information technology firm, SolarWinds, became known internally and then an average of 95 days for each SolarWinds customer to detect subsequent breaches using that attack. Some attacks vectors, such as ransomware, are immediate and very visible, while other attacks benefit from keeping a low profile. Increasingly, criminals will combine different strategies.
Van der Merwe explains. “You should understand the type of cyber risk you face as an organisation and deploy measures to prevent those attacks. However, to become resilient, you need to look beyond prevention, because once someone gains access to your systems the damage can increase exponentially, inflating costs. Many companies don’t know how they were breached or exactly what they lost. As a result, they end up wasting valuable resources in an attempt to regain control. The end goal should therefore be to achieve resilience despite cyber-attacks.”
Resilience through managed security
Despite the exponential increase in cyber threats, technology and service providers managed to keep pace due to the development and adoption of cognitive technology integrated into managed security services. “Gijima has a case study that demonstrates how,” Van der Merwe tells the story:
“Midway through 2019 ransomware was identified at one of our customers. At the time, next-generation technologies were not yet deployed and the process to investigate, inform and take decisive action took long enough to allow the ransomware to spread. Following this incident, the security technology deployment roadmap was accelerated and included the adoption of next-generation cognitive capabilities and automation.”
Later that same year, the same client experienced another ransomware attack. But this time, with Gijima’s support, they were ready.
“We were able to observe, using expert skills and mature processes, how these technologies would improve their resilience. Within minutes, the investigative process was concluded, the threat identified, and the automated incident response process initiated. The entire lifecycle of this event was less than an hour with no impact to the business.”
Cognitive security creates resilience, and resilience is the cornerstone of a successful cybersecurity strategy, made possible by next-generation technologies such as AI and SOAR (security orchestration, automation, and response).
Don’t think of a wall or moat that keeps barbarians at bay. Resilience is more comparable to a healthy body that, from time to time, has to face disease or injury. It develops an awareness that can lead to prevention and is incredibly useful when the situation calls for detection, response and recovery.
What is the best way to bring this resilience into your company? In the next article, Van der Merwe will continue to share his experience and unpack the benefits of managed security services versus doing it all yourself. But suffice to say, a resilient organisation is your best bet against cybercriminals and the damage they bring.
Learn more about cyber resilience and the modern security practices that make it possible at the upcoming Gijima Cybersecurity Resilience Webinar. Join Gijima on 3 November 2021 and discover what resilience means to you and your business.
Chief Marketing Officer
010 449 5000
010 449 5000
083 301 7878