Maintaining robust cybersecurity is fundamental. Making sure your business is cyber resilient is the next requirement.
Most individuals aspire to be resilient. We want to bounce back from adversity, maintain our health and well-being, and rise to the occasions that life presents. Most businesses have similar aspirations.
Defining Cyber Resilience
In general terms, resilience is defined as “the ability to withstand or to recover quickly from difficulties,” according to the Oxford Dictionary.
The MITRE organization took the term resilience into cyberspace when it developed the Cyber Resiliency Engineering Framework in 2011. MITRE is a non-profit organization that conceives solutions to enhance U.S. national security and commercial cybersecurity. The organization describes cyber resiliency as the need “for information and communications systems, and those who depend on them, to be resilient in the face of persistent, stealthy, and sophisticated attacks focused on cyber resources.”
In the U.S., resilience to cyberattacks is essential not only to our information systems and IT, but also to our critical infrastructure, core business processes, commercial enterprises and other organizations, and entire industries.
The National Institute of Standards and Technology (NIST), in its cyber resilience framework, defines cyber resilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.”
Finally, according to IBM, “a measured level of information security proficiency and resilience affects how well an organization can continue business operations with little to no downtime.”
The Common Theme in Cyber Resilience
What these and other definitions have in common is a focus on the proactive nature of cyber resilience. Resilience must be deliberately baked into an organization’s environment, processes, and culture through positive actions that are taken well in advance of a cyberattack or cybersecurity incident.
- Anticipating potential incidents, and installing hard and soft defenses against them, is the first step toward cyber resilience, as emphasized by NIST.
- Recovering from a cyberattack, and learning from it in order to adapt to potential adversities in the future, is the objective of any effective incident response plan.
The development of a robust cybersecurity program and its numerous components demands a proactive approach. An effective program cannot be built by simply reacting to each individual incident; the result of such a strategy is a mass of band-aids that address only certain vulnerabilities and threats.
Building a resilient organization proactively and strategically is the key to being able to respond quickly, properly, and effectively to serious cybersecurity incidents—without missing a beat. It will help you keep the doors open, the lights on, and your business operating.
Leadership in Cyber Resilience
Chief Information Security Officers and those in similar positions understand the strategic imperative for cyber resilience. The business must continue to operate in the wake of ransomware attacks, network hacks, and other cybersecurity incidents, or suffer serious consequences.
Beyond the fundamental cybersecurity mission, CISOs and those in related positions must envision, articulate, and lead the commitment to cyber resilience throughout the organization. This extends beyond cybersecurity safeguards such as security software, technology, and tools to encompass your incident preparedness in terms of employees, partners, and the company at large.
Resources That Promote Cyber Resilience
Numerous papers and other resources are available to help guide organizations on the journey to cyber resilience. The NIST Computer Security Resource Center is a great place to start.
Useful guidance is also available from MITRE for the purpose of “arming the worldwide community of cyber defenders” by giving them “vital information to thwart network intruders, build resiliency against future attacks, and develop assurance to overcome possible vulnerabilities.”
Another resource is the Cyber Range at the Alan B. Levan Center for Innovation at Nova Southeastern University, developed in partnership with 24By7Security. The Center for Innovation is located in Broward County, in the heart of the tri-county region known as South Florida. It is an economic development engine focused on the themes of Innovation, Technology, and Entrepreneurship. Its four pillars promote ideation, incubation, acceleration, and post-acceleration.
The Center is one of the largest of its kind in the nation, occupying 54,000 square feet of space, which includes a ground-breaking cybersecurity training range providing Cyber Range services. A Cyber Range Experience plays an integral role in elevating cyber resilience in 2024, and in building and maintaining it. In the Elevating Cyber Resilience webinar, attendees will gain first-hand insights on how the Levan Center for Innovation Cyber Range provides dynamic training environments, allowing organizations to simulate cyber threats, test defensive capabilities, and enhance the skills of cybersecurity professionals.
Programs offered by the Cyber Range include IT and cybersecurity certifications and specialized workshops, seminars, and short courses geared to entry-level, mid-level, and advanced cybersecurity training. The Cyber Range operates on a separate server from the rest of the University, and its mission and design were assisted by Sanjay Deo, Founder and President of 24By7Security, Inc. and a recognized leader in the field of cybersecurity.
Since opening in 2021, the Cyber Range at NSU has become the most powerful military-grade cybersecurity training and resource facility in the southeastern U.S., helping attendees advance their cybersecurity skills and cyber resilience tactics through targeted training and real-time simulations of network hacks, ransomware attacks, and other cybersecurity incidents.
This innovative Cyber Range serves another noble purpose as well, by encouraging entrepreneurs and start-up companies to create new technologies to:
- Enhance cybersecurity,
- Empower cyber defenders and discourage cybercriminals,
- Enable a more secure future for data, systems, and organizations, and
- Promote cyber resilience among members of industry, government, and academia.
Diving Deeper into Cyber Resilience
The cyber landscape is constantly evolving. Innumerable threats jeopardize the confidentiality, integrity, and availability of our data every day. According to the FBI, cybercrime isn’t just the plague of large enterprises—small and mid-sized businesses have become prime targets as well.
All businesses can do a better job in creating robust, compliant cybersecurity programs and developing strategies for instilling cyber resilience throughout their organizations. Offered as an additional resource, an upcoming webinar on February 8th will feature renowned cybersecurity experts and thought leaders, Sanjay Deo and John Wensveen, on Elevating Cyber Resilience in 2024. This impressive and engaging duo will explore the ongoing risks and escalating threats that face organizations today, from the positive and negative effects of AI in cybersecurity to the implications of legislative changes, privacy concerns, and new security policies, to the compelling case for strengthening cybersecurity resilience in 2024. Set aside an hour at 2 pm Eastern Time on Thursday, February 8, 2024—and bring your questions for the experts!
Most definitions of cyber resilience agree that keeping the business open and operating during and after a cybersecurity incident is the primary goal of any cyber resilience initiative. A common theme emphasizes the requirement for proactive development and advanced preparation. Organizations must be able to anticipate threats and withstand, recover from, and adapt to adverse conditions, stresses, and cyberattacks.
Many resources are available to guide organizations on the path to cyber resilience in 2024, and links have been provided in this article. Take your first step toward cyber resilience by leveraging these and other resources.