Introduction
Cyber criminals are relentless. Aided by automation, they are able to target any organisation with a digital presence. The reality is that any business, regardless of size or industry, is at risk of a cyber attack. In fact, 39% of UK businesses identified an attack in the past year alone. Dare I mention the undisclosed percentage of businesses that have been breached but haven’t identified it?
Prevention alone is no longer enough for your cyber security strategy. You must prepare for how your business will withstand and recover from incidents such as cyber attack or data breaches.
This is where cyber resilience comes in. It brings together information technology security, business continuity and organisational resilience. Your cyber security strategy should not stop at ‘how do we avoid such an event?’ but should instead delve into the weeds of ‘what do we do if we are attacked?’.
What is cyber resilience?
You’ve heard the saying ‘hope for the best, prepare for the worst’. Well, this is cyber resilience. It is an organisation’s ability to prepare for, withstand and quickly recover from a cyber attack or data breach. Your cyber resilience plan should detail not only how you will continue to deliver business operations in the event of a cyber incident, but also how your business will get back to business as usual (BAU) as quickly as possible.
For many years I have talked about ‘defence in depth’. This is a good baseline approach to cyber resilience. In simple terms, it means do not rely on just one tool or process. If you have many layers to your security strategy, you’ll see much less impact if one of those layers fails. I believe now more than ever that it is essential for businesses to adopt a cyber resilience approach, not only to better prepare for and respond to cyber attacks, but also to encourage a change in mindset. We need to ensure cyber security is less about meeting a compliance requirement and more about efficient and effective risk management.
To get this right, your business will need to take a holistic approach involving technical measures, people, processes and technology. It’s important to not only have the right tools in place to support your goals, but also the policies and procedures that will help embed security awareness into your organisation’s culture.
Your security toolkit
Cyber resilience is often broken down into three core focuses: protect, detect and respond. As we’ve discussed, this includes a cultural shift towards security and compliance, as well as supporting processes. But your organisation can still lean on security tools to help, particularly with the first two, protect and detect.
The security tools I believe are critical investments for businesses of all sizes to effectively minimise their risk of cyber attack and improve cyber resilience are:
1. Endpoint protection
With such a large number of attacks targeting workforces, using an endpoint protection platform (EPP) is critical to help you proactively block attacks and contain a breach if one should happen. EPP solutions have evolved a long way from basic anti-virus software and can now also include features for content control, USB blocking, device isolation and much more.
2. Network security
From firewalls to intrusion detection and prevention systems, network security should already be within your existing security investment. These tools are designed to protect your organisation’s network and can provide high-fidelity data, the kind that can indicate an attack where many other log sources cannot. If configured correctly, these tools can be the first to trigger an alert on malicious activity.
3. Security Information and Event Management (SIEM)
SIEM is a software solution that aggregates and correlates your security log data from different sources to trigger actionable alerts. Using a SIEM platform can help your organisation monitor its environment for suspicious activity and understand what action needs to be taken to remediate any issues.
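As an added illustration of the aggregate-and-correlate step described above (example code, not from the original article or any product): a minimal correlation rule in Python over constructed firewall and SSH authentication lines in hypothetical formats. Three failed logins from one external IP followed by a success within ten minutes becomes a single actionable alert, enriched with the firewall events that admitted that IP, which is the kind of network context the previous section mentions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in hypothetical formats (not any real product's output):
# a perimeter firewall and the SSH authentication log of the server behind it.
FIREWALL_LOG = """\
2024-05-01T09:00:01 fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T09:03:40 fw ALLOW src=198.51.100.9 dst=10.0.0.5 dport=22
"""
AUTH_LOG = """\
2024-05-01T09:00:05 host=10.0.0.5 sshd FAILED user=admin from=203.0.113.7
2024-05-01T09:00:09 host=10.0.0.5 sshd FAILED user=admin from=203.0.113.7
2024-05-01T09:00:14 host=10.0.0.5 sshd FAILED user=admin from=203.0.113.7
2024-05-01T09:01:02 host=10.0.0.5 sshd SUCCESS user=admin from=203.0.113.7
2024-05-01T09:04:00 host=10.0.0.5 sshd FAILED user=bob from=198.51.100.9
2024-05-01T09:05:00 host=10.0.0.5 sshd SUCCESS user=bob from=198.51.100.9
"""
FW_RE = re.compile(r"^(\S+) fw (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) host=(\S+) sshd (FAILED|SUCCESS) user=(\S+) from=(\S+)$")

def parse(fw_text, auth_text):
    """Aggregate: normalise both sources into one timeline sharing a 'src_ip' field."""
    events = []
    for line in fw_text.splitlines():
        if m := FW_RE.match(line):
            ts, action, src, dst, port = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": "firewall",
                           "src_ip": src, "action": action, "dst": f"{dst}:{port}"})
    for line in auth_text.splitlines():
        if m := AUTH_RE.match(line):
            ts, host, result, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": "auth",
                           "src_ip": src, "result": result, "user": user, "host": host})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Correlate: >= threshold failures from one IP in the window, then a success, raises an alert."""
    failures, alerts = defaultdict(list), []
    for e in (x for x in events if x["source"] == "auth"):
        recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
        failures[e["src_ip"]] = recent          # drop failures that fell out of the window
        if e["result"] == "FAILED":
            recent.append(e["ts"])
        elif len(recent) >= threshold:
            # Enrich with the firewall events that admitted this IP (network context)
            fw_ctx = [f"{f['ts'].time()} {f['action']} -> {f['dst']}" for f in events
                      if f["source"] == "firewall" and f["src_ip"] == e["src_ip"]]
            alerts.append({"rule": "brute_force_then_success", "src_ip": e["src_ip"],
                           "user": e["user"], "host": e["host"], "failures": len(recent),
                           "firewall_context": fw_ctx})
    return alerts
```

Only the admin login from 203.0.113.7 produces an alert; bob's single failure from 198.51.100.9 stays below the threshold, which is the noise reduction a correlation rule adds over raw alerts.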
4. Backup and disaster recovery
These solutions ensure that data can be recovered in the event of a cyber attack and that your organisation can quickly return to normal operations. Most businesses do not have a defined incident response plan, which can make data loss and cyber attacks harder to recover from.
5. Identity and access management
By controlling who has access to resources and information within your business you can ensure that only authorised personnel can access sensitive data. This can drastically reduce the severity of a cyber incident, as you can limit what data a potential attacker is able to access and exfiltrate.
6. Security awareness training
Security awareness training is designed to educate employees about cyber threats and how to protect not only themselves but the wider organisation. When done well, this type of training is engaging and makes a real difference to your frontline security. When done poorly, it’s checking a box and providing a false sense of security. Security needs to be properly embedded in your workforce culture, otherwise you are taking unnecessary risks.
Conclusion
SIEM is an effective solution for managing security events and incidents. While deploying and managing a SIEM platform yourself is a credible option if you have your own SecOps team, it will still require a significant investment in time, resources and expertise to manage effectively. Outsourcing everything to a third party with a managed SIEM service is a much more affordable and scalable alternative, as your organisation will get access to a dedicated team of security experts who will manage and monitor the platform on your behalf. You can get back to managing other areas of your business and get alerted if there is a genuine security risk that requires your attention.
Ultimately, the choice between an outsourced SIEM service and managing it yourself will depend on your organisation’s specific needs, resources, and budget, but with cyber attacks becoming increasingly sophisticated, businesses need to consider SIEM as a critical part of their security strategy.
Want to know how to enhance your threat detection and response capabilities? Join Defense.com™ at DTX Europe on October 4th-5th at the ExCeL in London.
You can have a live demo of the XDR platform that helps you easily identify, prioritise, and remediate cyber threats.