Subscribe
About

Why resilience is crucial in cyber security

Forget moats and walls – being cyber secure, like maintaining your health, is about resilience.
  • Through adopting resilience as a guiding principle in cyber security, you can mitigate damage and speed up recovery.
  • A company should develop an understanding of the type of breaches it is susceptible to and deploy measures to prevent and, when required, detect and respond to accordingly.
  • Cyber security resilience is the cornerstone of a successful cyber security strategy, made possible by next-generation cognitive technologies.
  • Cyber security resilience is more comparable to a healthy body that, from time to time, must face disease or injury, and is incredibly useful when the situation calls for detection, response and recovery.

Prevention is better than cure or so the saying goes. It is considered a fundamental principle of modern healthcare. For example, if you catch something before it becomes a serious problem, you could enjoy a long and healthy life. However, the COVID-19 pandemic has demonstrated that even with diligent application of preventative measures, breakthrough infections still occur and when they do, your general health significantly affects the severity and outcome.

Lukas van der Merwe, Specialist Sales Executive: Security at Gijima.
Lukas van der Merwe, Specialist Sales Executive: Security at Gijima.

How does the analogy of healthcare link to cyber security? Gijima, as a leading cyber security provider, believes that good cyber security isn't only about prevention, but requires increased focus applied to detection and response to be resilient.

"Resilience is about balance," explains Lukas van der Merwe, Specialist Sales Executive: Security at Gijima. "Prevention remains vitally important – you must attempt to stop attackers before they achieve success. The challenge is that the increased frequency and complexity of cyber attacks suggests that a breach is almost inevitable. This is where the healthcare comparison becomes relevant. It doesn't matter how well you look after yourself – you are bound to catch an illness or suffer injury. You cannot stay 100% safe, but you can build your resilience to mitigate damage and speed up recovery. The same with your cyber security system; you have to build into it a strong element of resilience."

Time is on criminals' side

Like a sneaky virus, it is often difficult to immediately discover a breach, especially if it’s the first time it hits. Dwell time – which is the amount of time between a breach and detecting that breach – can vary considerably. Some estimates go as low as 30 days, while others speak of dwell times lasting more than a year.

Dwell time depends a lot on the type of breach, the target and the criminals. For example, it took a year before the 2019 breach that hit the Texas-based IT firm, SolarWinds, became known internally and then an average of 95 days for each SolarWinds customer to detect subsequent breaches using that attack. Some attacks vectors, such as ransomware, are immediate and very visible, while other attacks benefit from keeping a low profile. Increasingly, criminals will combine different strategies.

Van der Merwe explains: "You should understand the type of cyber risk you face as an organisation and deploy measures to prevent those attacks. However, to become resilient, you need to look beyond prevention, because once someone gains access to your systems, the damage can increase exponentially, inflating costs. Many companies don't know how they were breached or exactly what they lost. As a result, they end up wasting valuable resources in an attempt to regain control. The end goal should therefore be to achieve resilience despite cyber attacks."

Resilience through managed security

Despite the exponential increase in cyber threats, technology and service providers managed to keep pace due to the development and adoption of cognitive technology integrated into managed security services. “Gijima has a case study that demonstrates how,” Van der Merwe tells the story: "Midway through 2019, ransomware was identified at one of our customers. At the time, next-generation technologies were not yet deployed and the process to investigate, inform and take decisive action took long enough to allow the ransomware to spread. Following this incident, the security technology deployment roadmap was accelerated and included the adoption of next-generation cognitive capabilities and automation."

Later that same year, the same client experienced another ransomware attack. But this time, with Gijima's support, they were ready.

"We were able to observe, using expert skills and mature processes, how these technologies would improve their resilience. Within minutes, the investigative process was concluded, the threat identified and the automated incident response process initiated. The entire life cycle of this event was less than an hour, with no impact to the business."

Cognitive security creates resilience, and resilience is the cornerstone of a successful cyber security strategy, made possible by next-generation technologies such as AI and SOAR (security orchestration, automation and response).

Don't think of a wall or moat that keeps barbarians at bay. Resilience is more comparable to a healthy body that, from time to time, has to face disease or injury. It develops an awareness that can lead to prevention and is incredibly useful when the situation calls for detection, response and recovery.

What is the best way to bring this resilience into your company? In the next article, Van der Merwe will continue to share his experience and unpack the benefits of managed security services versus doing it all yourself. But suffice to say, a resilient organisation is your best bet against cyber criminals and the damage they bring.

Learn more about cyber resilience and the modern security practices that make it possible at the upcoming Gijima Cybersecurity Resilience Webinar. Join Gijima on 3 November 2021 and discover what resilience means to you and your business.

Register at https://www.itweb.co.za/microsite/gijimabusinessresilience/webinar

Share

Editorial contacts

Roberta Gumede
Chief Marketing Officer (Gijima)
(010) 449 5000
Thamsanqa Malinga
Communications Specialist (Gijima)
(010) 449 5000 / (083) 301 7878
Thami.Malinga@gijima.com