By Modeen Malick, Principal Systems Engineer at Commvault
While there are a variety of cybersecurity frameworks that exist, all of them in some way allude to better resilience outcomes. The most commonly adopted among these frameworks is the NIST Cybersecurity Framework, which provides guidance and best practices for private sector organisations to follow to improve information security and cybersecurity risk management.
The framework is designed around five legacy pillars – identify, protect, detect, respond and recover – which shape the thinking of decision-makers and security experts who acquire the technology to protect and defend enterprises and integrate it into environments.
However, to achieve cyber resilience in the modern era of data, Chief Information Security Officers (CISOs) are defined by two personas – the first being the security architecture and engineering persona, which is all about developing, implementing, and enforcing security policies to protect critical data.
The other, emerging persona is centred on risk, governance and compliance and is becoming more important than ever as recent European legislation, such as the Digital Operational Resilience Act (DORA), requires that CISOs pivot slightly towards regulations.
Legislation such as DORA requires that organisations not only have a robust plan for recovery in place but also the ability to test and practice this recovery to prove that they are ready for a potential breach.
Evolving priorities
With this in mind, CISOs have several evolving priorities to focus on, which map neatly into the pillars of the NIST Cybersecurity Framework. These are:
- Track known risks and “Know Thy Assets”: Because data is the new oil, organisations must know exactly what their assets are by having a clear list of critical applications.
- Address the “Data Custodian” paradox: This requires working with system owners and owners of data within different lines of business and ensuring that they put the right governance in place.
- Drive security awareness: Driving security awareness across all layers of an organisation is paramount as humans are often the weakest link in an IT security strategy. It is important to educate people to understand, identify and avoid cyber threats.
- Map out Survival Time Objective: This is a key priority as it determines how much time the IT department requires to recover critical data after a disaster. This represents how long the enterprise can survive without IT services and infrastructure.
- Prepare for upcoming challenges: CISOs must be prepared for how Artificial Intelligence (AI) and generative AI will affect their approach to security. Threats such as Adversarial Neural Networks that can result in data poisoning are a reality.
- Taking action: Additionally, from a cyber resilience perspective in the modern era of data, CISOs should be paying attention to action in three pillars, namely application stack resilience, infrastructure resilience and data resilience.
Over the past three or four decades, most organisations have been investing in infrastructure resilience, for example, firewalls, intrusion detection systems or network detection tools. However, a greater focus now needs to be placed on application stack resilience and data resilience.
Cyber resilience can effectively be achieved by adopting a platform that can meet the complexity and needs of the modern enterprise. This platform must ensure operational recovery through comprehensive data protection support with built-in privacy controls to control access to data from immutable backup targets.
Furthermore, it must deliver Disaster Recovery (DR)with auto-recovery capabilities that deliver efficient data replication, one-click failover orchestration and recovery readiness validation. Lastly, it should enable simple, secure and rapid cyber recovery, as well as a continuous capability to test this recovery and ultimately cleanroom recovery to conduct forensic analysis.
Cyber resilience is a comprehensive approach to cybersecurity, emphasising the ability, preparedness, and adaptability to effectively navigate and recover from cyber threats and incidents. Considering the frequency and sophistication of today’s cyber threats, cyber resilience should be a top priority for all organisations.
