Cyber resilience has always been highly relevant, and it’s a multifaceted concept that goes beyond mere service continuity. While ensuring service continuity is critical, cyber resilience is also increasingly prioritised by legislators, who view it as an area requiring significant improvement.
Geopolitical changes are driving a new focus on cyber resilience, with legislation emerging that is likely to impact South African organisations.
So says John Stevenson, Senior Product Marketing Manager at Skybox Security: “The levels of exposure to risk that critical national infrastructures (CNIs) are facing in every country, in every domain, are probably higher than they've ever been.”
He notes that the healthcare, financial and telco sectors, as well as a range of digital enterprises, are increasingly considered CNIs too, and that new legislation is being drafted around the world to address their growing risk. “For example, the legislation that is coming into effect on 25 January is the Digital Operational Resilience Act (DORA), which recognises that financial institutions and technology providers to those financial institutions, including payment gateways, credit rating organisations and underwriters, across the EU need to up their game from a resilience point of view, because they are at risk.”
Stevenson notes that new legislation will be increasingly stringent: “For example, organisations are required to perform digital operational resilience testing that is formalised and risk-based before any deployment or any redeployment of new or existing infrastructure components. This means that any equipment within the organisation should undergo a risk-based assessment prior to implementing any changes.”
In the South African context, the Council for Scientific and Industrial Research’s (CSIR) national cyber security survey, issued in October, reveals that 88% of organisations experience between one and five cyber attacks annually, often resulting in data breaches and financial losses. Recent cyber attacks targeting critical national infrastructure, such as the National Health Laboratory Service and Transnet, have highlighted the vulnerabilities of South Africa’s institutions to cyber threats.
“Whether organisations like it or not, they're being forced to consider cyber resilience seriously both for legislative and for regulatory reasons,” Stevenson says. “However, in many cases, organisations are faced with very large, very complicated networks. To comply with new legislation and build cyber resilience, they need to understand their risk, put the right measures in place, learn from incidents and implement ongoing processes for testing their resilience.”
Stevenson says: “A Skybox-based continuous exposure management approach is able to provide exactly the kind of infrastructural capability the organisation needs to help them manage and improve their cyber resilience. The foundation of the Skybox exposure management platform is a dynamic, three-dimensional security model of the entire hybrid network, based on an inventory of all the assets in the estate, how they all connect to each other, and what flaws or failings they have from a security perspective. This is essential because being cyber resilient starts with knowing what you’ve got to protect.”
For attack surface management, Stevenson says you need to go beyond simply identifying assets exposed to the internet. “Skybox attack surface management is exceptionally comprehensive and nuanced: it explores where an attacker could move through the network and how they should be stopped. This is something you can only do if you understand the network itself to the degree we do, so a solution like Skybox's Continuous Exposure Management platform gives you a way to deal with the breadth of possible exposures that you might have to face. It means not just looking at vulnerabilities, it means looking at things like misconfigurations and weak security controls across the IT estate.”
Stevenson says another touchstone of resilience is a risk management framework. “That means you need to understand what all your assets are, be able to classify and prioritise them, and know who is in charge of them. Once you've got that in place, then you need to be able to implement risk-based prioritisation. To accurately assess risk, you need to be able to perform multifactor prioritisation based on a combination of the severity of the vulnerability, its exploitability and, crucially, the importance of the business asset, and its exposure across the network. In most large organisations, there are simply too many vulnerabilities for them all to be addressed promptly, so this type of multifactor prioritisation is the only way to assess the risk accurately.
“One of the key attributes of cyber resilience is learning from what's happening, either what could happen or what has happened, and recycling that learning. A good Continuous Exposure Management Platform gives you exactly that capability, right down to the deep network level. Building on that, it delivers practical, addressable solutions and proactively suggests ways to mitigate the risks,” he says.
To learn more about Skybox Security, contact info@solid8.co.za.