In this week’s US National Cyber Security Awareness Month post, Mr. Jason Warren, a cybersecurity specialist in the Critical Infrastructure Protection Branch of the USCG Office of Port & Facility Compliance, discusses how building cyber resiliency within an organization can minimize downtime and loss following a cyber incident.
Cyber security resiliency is defined as the ability of an organization to identify, prevent, detect and respond to a process or technology failure, minimizing harm, reputational damage, and financial loss. A strong approach to cyber resilience means building holistic capabilities across risk and security throughout the enterprise.
No amount of planning or investment can make an organization’s cyber defenses completely secure, but developing a vigorous resiliency plan may prevent outages of critical systems or unexpected failures.
Organizations should concentrate on the following elements to bolster their resilience:
- Empowering the Employee
User awareness has historically been woven tightly into the governance structure and is a key aspect in building cyber resilience. An empowered employee understands the risk and how they potentially contribute to it, which creates a culture of accountability and trust.
“However, basic or infrequent cyber awareness is sometimes not enough, as the quest for cyber resilience demands a focus on people. We need to begin to accept the limits of technology and become more ‘people-centric’, creating processes that shape behavior and motivate people to do the right thing.”
- Business Continuity Management
Compromised IT environments are inevitable, and the ability to restore a system via backup data or software is a crucial element in recovery planning. System backups should be updated and tested often in the event restoration is necessary to carry out core business functions. These redundancy measures prove valuable not only in the event of a breach or cyber incident, but also during the recovery phase of a non-cyber safety or security event.
- Incident Response Plan
The implementation of an incident response plan facilitates effective actions in case of a cyber incident. IT risk and security leaders should invest in technical, procedural and human capabilities to detect when a compromise occurs. Giving first responders the tools to react quickly and investigate the source and impact of breaches, compromises and incidents is paramount. Enterprise knowledge of how to engage efficiently will reduce duplication of work during an incident. The plan should include updated contact information, structured lines of communication and organized roles and responsibilities. The plan should be tested regularly to ensure its effectiveness.
- Asset Inventory
Until an organization can perform a complete inventory of critical IT/OT systems, it cannot perform an adequate risk evaluation. A complete inventory of systems is critical to understanding what equipment and systems require certain patches, security protections and restoration precedence. Further, an accurate inventory allows critical cyber-dependent systems and services to be prioritized, establishing tolerance thresholds and anticipated timelines for any recovery and restoral efforts.