How to balance long-term resilience and short-term threat prevention

The coronavirus pandemic has provoked a seismic shift in the way businesses operate, with the long-term repercussions as yet unknown.

For cyber security teams, the threat landscape evolved overnight. Our latest DTX Insight Survey revealed that 53% of respondents have found effective cyber security during rapid business change to be their biggest challenge, with the majority finding it difficult to adapt their cyber strategy.

With the mass adoption of home working technology and increased activity on both online services and customer-facing networks, cyber attackers have a wealth of openings to exploit. Cyber teams are now working vigilantly to secure systems and keep the human firewall from falling victim to the latest wave of corona-based scams.

According to Cloudflare, hacking and phishing attempts have increased by 37% month-on-month. [1]

With cyber budgets tightening, as all businesses seek to manage cashflow, teams are having to do more with less and find creative ways to solve problems.

A potential issue that has become clear in our research for the DTX Europe programme is how easy it is to forgo long-term data security in the rush to firefight the influx of threats.

Business continuity and resilience are a fundamental factor in cyber security, but they have never been more critical than in our current environment. As businesses continue to adapt their revenue models and enterprise structure to meet the new normal, they are also left planning for “what-if” scenarios that were unthinkable even two months ago.

To protect businesses from significant disruption to operations and services, cyber teams must dedicate time to practical contingency planning for critical systems and core operations.

This will require shifting risk-mitigation capacity toward mission-critical systems by implementing new controls, consistently testing incident response and continuity plans, and increasing monitoring efforts.

Raef Meeuwisse argues that “the organisations that will survive the fallout from this non-technical virus will be the ones that focus on understanding how to isolate and insulate their core operations and services”. [2]

In this new climate, time-to-recover may become the most significant metric by which cyber effectiveness is measured. Standard security metrics will remain critical, as they are key to enhancing visibility, benchmarking efforts and demonstrating value. But post-incident recovery metrics will give senior executives the reassurance they need that operations can bounce back and avoid excess disruption.

If cyber teams can offer much-needed resilience for business operations in these trying times and support the future of work, they can showcase just how significant their value is to the smooth running of an enterprise.

Amanda Finch notes that using “the current lockdown to prepare, instead of simply reacting to immediate needs, will be key to security teams’ ability to weather the challenges ahead”. [3]

While we wait to hear stories of how organisations managed the competing interests of short-term protection and long-term resilience, three things are clear to us:

  • Practical contingency planning for critical systems and core operations has never been more essential. Organisations must ensure that they are guarded from future disruption and adjust technical disaster recovery plans as needed.
  • The time-to-recover from an attack is what the board truly cares about at the moment. While the fundamental metrics of a cyber security programme remain crucial, all eyes are on how quickly the business can bounce back from the incoming wave of threats.
  • The Chief Information Security Officer role could well become the Chief Information Resilience Officer in the near future.