Cyber resiliency 101: Required learning for all
Cyber threats like ransomware, which first appeared in 1989 and has been on security teams’ and law enforcement’s radar for the past 7 or 8 years, are not fads. They are not going away. In fact, the cash-rich ransomware industry is flourishing. As a result, organizations are moving from the era of possibility to the era of probability of a successful cyber breach. It’s not hyperbole to say that it’s no longer a question of if an organization will face a cyberattack, but when.
Protecting against ransomware is a top priority for most organizations as they look to protect themselves against lost productivity, lost brand equity or trust, and lost revenue. Protection against ransomware should be a 2-pronged approach with a focus on security and resiliency:
- With cybersecurity, the objective is preventative in nature. “Lock the doors to keep any bad actors out in the first place.”
- With cyber resiliency, the objective is to prevail in the event of a cyber breach. “The odds are we will be breached. We need to plan and prepare in order to continue operations despite a breach.”
It’s important to note: Organizations should work towards being both cyber secure and cyber resilient.
In the past, business continuity comprised 3 protection practices. We now have a 4th. I will start by reviewing the 3 well-established protection practices and then discuss where cyber resiliency fits in.
- Backup: Protects files, folders, drives against corruption or accidental (and in some cases intentional) deletion.
- High availability: Protects against a larger, localized outage or event — for example, an outage within a site: a server or a storage array goes down, or you lose power to a portion of the data center.
- Disaster recovery (DR): Protects against an even larger outage — for example, an outage that affects an entire site, such as a catastrophic disaster like a fire, flood or earthquake that takes out an entire data center.
- Cyber resiliency: The newest protection practice under the business continuity umbrella. While these practices are new, they shouldn’t be too tough to understand, because they are a blend of existing backup and DR practices, which is why cyber resiliency sits between backup and DR. It is similar to backup in its protection method: it relies on point-in-time copies. It is similar to DR in the size and scale of the data loss. While the data center may not be lost as in a natural disaster — the building is still standing, the power is still on — a virus can cause widespread damage comparable to losing a site, requiring DR-like restore operations.
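The recovery side of cyber resiliency comes down to picking a point-in-time copy that predates the damage, proving that the copy itself was not touched, and knowing how much work a restore from it will lose. The following Python is an added illustration of that selection step; it is not code from the article or from IBM. The catalog layout, the recorded SHA-256 digest, the retention-lock field and the "dwell margin" (allowing for the attacker having been inside for a while before the damage was noticed) are all assumptions of this example, and the ten daily copies are constructed sample data.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
import hashlib
from typing import List, Optional

UTC = timezone.utc


@dataclass(frozen=True)
class Snapshot:
    """One point-in-time copy as a backup catalog might record it (constructed model)."""
    name: str
    taken_at: datetime
    immutable_until: datetime  # retention lock: copy cannot be altered or deleted before this time
    payload: bytes             # stands in for the copied data set
    sha256: str                # digest recorded when the copy was written


def fingerprint(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


def make_snapshot(name: str, taken_at: datetime, retention_days: int, payload: bytes) -> Snapshot:
    return Snapshot(name, taken_at, taken_at + timedelta(days=retention_days),
                    payload, fingerprint(payload))


def is_intact(snap: Snapshot) -> bool:
    """Re-hash the copy and compare against the digest recorded at write time."""
    return fingerprint(snap.payload) == snap.sha256


def is_locked(snap: Snapshot, now: datetime) -> bool:
    """True while the retention lock is still in force."""
    return now < snap.immutable_until


def select_recovery_point(catalog: List[Snapshot], detected_at: datetime, now: datetime,
                          dwell_margin: timedelta = timedelta()) -> Optional[Snapshot]:
    """Newest copy taken no later than (detected_at - dwell_margin) that still verifies
    and is still under its retention lock. The margin (an assumption of this example)
    allows for the attacker having been present before the damage was noticed."""
    cutoff = detected_at - dwell_margin
    usable = [s for s in catalog
              if s.taken_at <= cutoff and is_intact(s) and is_locked(s, now)]
    return max(usable, key=lambda s: s.taken_at) if usable else None


def data_loss_window(snap: Snapshot, detected_at: datetime) -> timedelta:
    """Work lost if this copy is restored: everything written after it was taken."""
    return detected_at - snap.taken_at


def build_catalog() -> List[Snapshot]:
    """Ten constructed daily copies: daily-02 has a short lock, daily-08 was altered in place."""
    base = datetime(2024, 3, 1, 2, 0, tzinfo=UTC)
    catalog = [make_snapshot(f"daily-{i:02d}", base + timedelta(days=i), 14,
                             f"dataset version {i}".encode()) for i in range(10)]
    catalog[2] = make_snapshot("daily-02", base + timedelta(days=2), 3, b"dataset version 2")
    # A copy whose contents changed after its digest was recorded; re-hashing exposes it.
    catalog[8] = replace(catalog[8], payload=b"contents altered after the copy was taken")
    return catalog


def plan_recovery(dwell_margin_days: int = 1) -> dict:
    catalog = build_catalog()
    base = catalog[0].taken_at
    detected_at = base + timedelta(days=9, hours=10)  # damage noticed 2024-03-10 12:00 UTC
    now = base + timedelta(days=11)                   # recovery planned 2024-03-12 02:00 UTC
    chosen = select_recovery_point(catalog, detected_at, now, timedelta(days=dwell_margin_days))
    return {
        "unverifiable": [s.name for s in catalog if not is_intact(s)],
        "lock_expired": [s.name for s in catalog if not is_locked(s, now)],
        "recovery_point": chosen.name if chosen else None,
        "loss_window_hours": (data_loss_window(chosen, detected_at) / timedelta(hours=1)
                              if chosen else None),
    }


if __name__ == "__main__":
    for margin in (0, 1):
        print(f"dwell margin {margin} day(s):", plan_recovery(margin))
```

With no dwell margin the newest intact copy (daily-09, about 10 hours of loss) is chosen; with a one-day margin the selection skips back past the altered daily-08 to daily-07, at the cost of a 58-hour loss window. That trade-off between recovery point and confidence is exactly what has to be decided in the planning phase, not during the incident, and the re-hash check is what distinguishes a copy that merely exists from one that can be trusted.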
Thankfully, the US National Institute of Standards and Technology (NIST) has published a “Cybersecurity Framework” for safeguarding critical infrastructure. The framework integrates industry standards and best practices to help organizations develop or improve their cyber protection measures.
The NIST Framework is made up of 5 functions. You can think of these functions as steps, but notice that they are in a loop, signaling that there’s an expectation of continuous updates and improvements over time. Keep in mind that cyber resiliency is all about planning and preparing before a breach occurs. Not surprisingly, the first 4 functions — identify, protect, detect and respond — focus on planning and preparation to ensure a successful recovery.
Anyone can download and use the NIST Framework and corresponding white papers to aid them in their self-directed cyber-protection efforts. For those who would rather not go it alone, and would prefer some outside assistance and expertise, IBM System Lab Services has built the Cyber-Incident Response Storage Assessment (CIRSA) using the NIST Framework to expedite clients’ cyber resiliency protection efforts. For organizations that would like assistance and expertise, the CIRSA offering is a great vehicle for starting down the path to cyber resiliency.