How to strengthen resiliency to manage cyberattacks in an always-on world
The number of cyberattacks, and the challenge of keeping business-critical processes resilient against them, has grown dramatically in recent years. According to leading research institutes, more than 3 million cyberattacks were recorded globally in 2009; by the end of 2015, that number had risen to more than 59 million [1]. Beyond the sheer count, the complexity and business impact of these attacks have also increased, with consequences seen across industries in many incidents that were widely reported in the news and on social media.
A cyberattack against a large car manufacturer caused production outages that rippled across the entire value chain: a worst-case scenario not only for the company but also for its supply chain partners and its customers. Similar examples were seen in public transportation and in hospitals, with severe impact on end users. These attacks showed clearly how much business-critical processes depend on continuously available IT services, and how important it is to ensure business continuity with proven and tested continuity and recovery plans [2,3].
Most often, companies do not recognize a cyberattack until its impact becomes visible. Developing the capability to proactively define, implement and operate an integrated protection concept has therefore become one of the highest priorities for CIOs. The key to protecting business-critical processes and IT services is the integration of three areas: IT security, IT service continuity and network security.
The result is a structured and modular approach called a cyber resiliency system. Based on it, companies across different industries have successfully implemented the IBM Cyber Resiliency Lifecycle, integrating all three areas into one holistic concept for defending against and managing cyberattacks.
A look at the resiliency lifecycle
The Cyber Resiliency Lifecycle provides an end-to-end resiliency concept in five phases: prepare, protect, detect, respond and recover. Together they are meant to proactively prevent and manage IT interruptions caused by cyberattacks. In each phase, adequate protection and countermeasures are defined to identify and mitigate risks.
The first phase, “Prepare,” is the baseline for systematically defining all steps needed to handle cyberattacks across the organization: a business and IT continuity organization with defined roles and responsibilities, cyber response plans, IT continuity manuals, disaster recovery manuals and a concept for micro-segmentation of the network. At the end of this phase, the organization has the framework in place to manage a cyberattack in a structured way.
The second phase, “Protect,” goes beyond reacting to an attack: it protects the individual business processes and IT services in advance with security concepts matched to their criticality. This means assessing and enhancing the existing concepts for access management, backup, restoration and zero-trust networking, and defining, implementing and operating the components that are still missing.
Building on this, the third phase, “Detect,” improves the mechanisms for detecting cyberattacks as fast as possible. One important element is a state-of-the-art security operations center working in close interlock with network security management and with IT Service Continuity Management, so that the predefined emergency response plans are followed when an attack occurs.
Since even the best security concept may leave a way to attack the IT services, the capability to respond to a cyberattack is essential. The fourth phase, “Respond,” therefore implements cyber threat management and fast, controlled changes to firewall and network policies.
Even the worst case, a complete IT outage, must be considered in the Cyber Resiliency Lifecycle. This is covered by the fifth phase, “Recover,” which includes all procedures and solutions for recovering IT services and the business processes that depend on them, in line with predefined recovery key performance indicators (typically recovery time and recovery point objectives) according to their level of criticality.
Organizations that manage cyberattacks successfully know that the ability not only to automate single systems but also to orchestrate the recovery of entire IT services, including the IT infrastructure and the application stack, is critical for disaster recovery management.
Following the Cyber Resiliency Lifecycle helps organizations address all aspects of a combined security and resiliency system and cope successfully with cyberattacks in an always-on world.
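What orchestrating the recovery of a whole service stack against recovery KPIs looks like in practice, as an added example that is not IBM's code or part of the article: the inventory below is constructed, with hypothetical service names, criticality tiers, recovery time objectives (RTO, in minutes) and standalone restore times. The planner brings dependencies up first, prefers the most critical services among those that are ready, and checks each service's projected completion time against its RTO, which is the kind of check a tested recovery plan must pass before an incident, not during one.

```python
"""Dependency-ordered recovery planning against recovery time objectives.

Added example (not IBM code). Service names, tiers, RTOs and restore
times are constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Service:
    name: str
    tier: int                 # 1 = business-critical ... 3 = deferrable
    rto_min: int              # recovery time objective in minutes
    restore_min: int          # measured time to restore this service on its own
    depends_on: List[str] = field(default_factory=list)


# Constructed sample inventory (assumption, not from the article).
INVENTORY: Dict[str, Service] = {
    "dns":      Service("dns", 1, 15, 5),
    "ad":       Service("ad", 1, 30, 20, ["dns"]),
    "storage":  Service("storage", 1, 30, 25),
    "db":       Service("db", 1, 60, 40, ["storage", "dns"]),
    "erp":      Service("erp", 1, 120, 30, ["db", "ad"]),
    "mes":      Service("mes", 1, 90, 25, ["db", "ad"]),
    "intranet": Service("intranet", 3, 480, 20, ["ad"]),
}


def recovery_order(inv: Dict[str, Service]) -> List[str]:
    """Kahn's topological sort over the dependency graph.

    Among services whose dependencies are already up, the most critical
    tier goes first, then the tightest RTO, then the name as a tie-breaker.
    """
    indegree = {name: 0 for name in inv}
    dependents = defaultdict(list)
    for svc in inv.values():
        for dep in svc.depends_on:
            if dep not in inv:
                raise ValueError(f"{svc.name} depends on unknown service {dep}")
            indegree[svc.name] += 1
            dependents[dep].append(svc.name)

    ready = [name for name, deg in indegree.items() if deg == 0]
    order: List[str] = []
    while ready:
        ready.sort(key=lambda n: (inv[n].tier, inv[n].rto_min, n))
        current = ready.pop(0)
        order.append(current)
        for child in dependents[current]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(inv):
        raise ValueError("dependency cycle in service inventory")
    return order


def projected_completion(inv: Dict[str, Service], order: List[str]) -> Dict[str, int]:
    """Minutes until each service is back, assuming a service starts restoring
    the moment all its dependencies are up and unrelated restores run in
    parallel (a critical-path model; serial restore teams only make it worse)."""
    done: Dict[str, int] = {}
    for name in order:
        svc = inv[name]
        start = max((done[d] for d in svc.depends_on), default=0)
        done[name] = start + svc.restore_min
    return done


def rto_breaches(inv: Dict[str, Service], done: Dict[str, int]) -> Dict[str, int]:
    """Services whose projected completion exceeds their RTO, with the overrun."""
    return {n: done[n] - inv[n].rto_min for n in inv if done[n] > inv[n].rto_min}


def plan(inv: Dict[str, Service]):
    """Full planning pass: recovery order, projected completion, RTO breaches."""
    order = recovery_order(inv)
    done = projected_completion(inv, order)
    return order, done, rto_breaches(inv, done)


if __name__ == "__main__":
    order, done, breaches = plan(INVENTORY)
    for name in order:
        flag = f"  RTO MISSED by {breaches[name]} min" if name in breaches else ""
        print(f"{name:9s} up at T+{done[name]:3d} min (RTO {INVENTORY[name].rto_min}){flag}")
```

In this constructed inventory the database restores in 40 minutes on its own, comfortably inside its 60-minute RTO, yet because storage must come up first it is not available until T+65 and breaches the objective. Looking at each system in isolation would never have shown that; only orchestrating the whole stack and testing the plan against the KPIs does, which is the point of the Recover phase.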