December 15, 2020 By Kurt Messingschlager 6 min read

Cyber threats like ransomware, which made its very first appearance in 1989 and has been on security teams’ and law enforcement’s radar for the past 7 or 8 years, are not fads. They are not going away. In fact, the cash-rich ransomware industry is flourishing. As a result, organizations are moving from the era of possibility to the era of probability of a successful cyber breach. It’s not hyperbole to say that it’s no longer a question of if an organization will face a cyberattack but rather when.

Protecting against ransomware is a top priority for most organizations as they look to protect themselves against lost productivity, lost brand equity or trust, and lost revenue. Protection against ransomware should be a 2-pronged approach with a focus on security and resiliency:

  • With cybersecurity, the objective is preventative in nature. “Lock the doors to keep any bad actors out in the first place.”
  • With cyber resiliency, the objective is to prevail in the event of a cyber breach. “The odds are we will be breached. We need to plan and prepare in order to continue operations despite a breach.”

It’s important to note: Organizations should work towards being both cyber secure and cyber resilient.

In the past, business continuity was comprised of 3 protection practices. We now have a 4th protection practice. I will start by reviewing the 3 well-established protection practices and then talk about where cyber resiliency fits in.

  • Backup: Protects files, folders and drives against corruption or accidental (and in some cases intentional) deletion.
  • High availability: Protects against a larger, localized outage or event — for example, an outage within a site: a server or a storage array goes down, or you lose power to a portion of the data center.
  • Disaster recovery (DR): Protects against an even larger outage — for example, an outage that affects an entire site, such as a catastrophic disaster like a fire, flood or earthquake that takes out an entire data center.
  • Cyber resiliency: The newest protection practice under the business continuity umbrella. While these cyber resiliency practices are new, they shouldn’t be too tough to understand in that cyber resiliency practices are a blend of existing backup and DR practices, which is the reason why cyber resiliency is seated between backup and DR. Cyber resiliency is similar to backup in the protection method; it involves point-in-time copies. Cyber resiliency is similar to DR in the size and scale of the data loss. While the data center may not be lost due to a natural disaster — the building is still standing, the power is still on — a virus can cause widespread damage similar to losing a site, requiring DR-like restore operations.

Thankfully, the US National Institute of Standards and Technology (NIST) has published a “Cybersecurity Framework” for safeguarding critical infrastructure. The framework integrates industry standards and best practices to help organizations develop or improve their cyber protection measures.

The NIST Framework is made up of 5 functions. You can think of these functions as steps, but notice that they are in a loop, signaling that there’s an expectation of continuous updates and improvements over time. Keep in mind that cyber resiliency is all about planning and preparing before a breach occurs. Not surprisingly, the first 4 functions — identify, protect, detect and respond — focus on planning and preparation to ensure a successful recovery.

Anyone can download and use the NIST Framework and corresponding white papers to aid them in their self-directed cyber-protection efforts. For those who would rather not go it alone, and would prefer some outside assistance and expertise, IBM Systems Lab Services has built the Cyber-Incident Response Storage Assessment (CIRSA) using the NIST Framework to expedite clients’ cyber resiliency protection efforts. For organizations that would like assistance and expertise, the CIRSA offering is a great vehicle for starting down the path to cyber resiliency.

>> Contact IBM Systems Lab Services

