Cyber Resilience

What is Cyber Resilience?

Cyber resilience is an organization’s ability to prepare, respond and recover from cyber attacks or other operational technology (OT) incidents — while maintaining the confidentiality, integrity and availability of systems and data. It is a comprehensive approach. that combines all of the best practices in security with technologies and processes to mitigate risks and minimize the impact of cyber threats:

• It uses proactive measures
• It includes incident response plans
• It includes continuous monitoring
• It prioritizes risks based on potential impact

Security events are inevitable. How you handle and evolve from them equates to your resilience.

Why is Cyber Resilience Important?

As cyber attacks grow more sophisticated and the interconnectivity of devices and networks expands, organizations across all sectors and sizes face heightened risks. A single breach can have far-reaching consequences, from financial losses to reputational harm and regulatory penalties.

Consider the July 2024 outage caused by a software update. The World Economic Forum review of the event, “Global IT Outage: The Cyber Resilience Alarm Heard Around the World,” stated: “The incident, which affected 8.5 million Microsoft Windows devices, led to widespread disruptions of airlines, banks, broadcasters, healthcare providers, retail payment terminals and cash machines globally. The cost of the outage is estimated to top $1 billion.”¹

Implementing a robust strategy is important for multiple reasons:

• Protection against cyber threats: Resilience helps organizations withstand and recover from cyber-attacks, including malware, ransomware, and phishing, reducing the impact of these threats on operations and data security.
• Business continuity: Resilience helps organizations withstand and recover from cyber-attacks, including malware, ransomware, and phishing, reducing the impact of these threats on operations and data security.
• Regulatory compliance: Many industries have strict regulations regarding data protection and cybersecurity. Being cyber resilient helps organizations comply with these regulations and avoid fines or legal issues.
• Maintaining reputation: A cyber incident can damage an organization’s reputation, leading to loss of customers and revenue. Resilience helps protect against these risks, preserving the organization’s brand and customer trust.
• Protecting sensitive data: It helps safeguard sensitive information, such as customer data and intellectual property, reducing the risk of data breaches and the associated costs and reputational damage.
• Adapting to evolving threats: Cyber threats are constantly evolving, and being cyber resilient means being able to adapt and respond effectively to new and emerging threats, ensuring ongoing protection.

Cyber Resilience Vs. Cybersecurity

Cybersecurity is based on a mindset that an organization can take measures to gain 100 percent protection from cyber attacks. It’s a lofty goal that must be pursued. Yet, it is nearly impossible to achieve as new attack vectors continuously appear and sophisticated threat actors leverage the latest technologies to circumvent protective tools and measures. This is where cyber resilience takes over to keep operations running.

While cybersecurity is a critical component, cyber resilience focuses on the idea that systems should be able to continue operating and/or bounce back quickly if a security breach happens, according to the Pacific Northwest National Laboratory (PNNL).²

As early as 2010, Carnegie Mellon University’s Computer Emergency Response Team and the MITRE Corporation were among several organizations developing the concept of cyber resilience as a way to manage through cybersecurity breaches.

Cyber resilience developed as a national priority in the United States in 2013 with the Presidential Policy Directive (PPD-21) on Critical Infrastructure Security and Resilience. The directive set a strategy to strengthen the security and resilience of essential facilities and identified 16 critical infrastructure sectors. PPD-21 tasked the U.S. Department of Homeland Security (DHS) and other national agencies to collaborate on managing cyber risks in these sectors via cyber resilience.

What is a Cyber Resilience Framework?

A cyber resilience framework is a structured approach or set of guidelines that organizations can use to enhance their ability to withstand and recover from cyber threats. These frameworks typically include best practices, standards and processes for assessing, building and maintaining resilience.

Cyber resilience frameworks often incorporate elements of cybersecurity, risk management, business continuity, and incident response. They provide organizations with a comprehensive framework for addressing cyber threats, including prevention, detection, response, and recovery.

Some common frameworks include the NIST Cybersecurity Framework 2.0 (CSF 2.0), ISA 99/IEC 62443, and the Cyber Resilience Review (CRR) from the Department of Homeland Security. These frameworks provide organizations with a structured approach to improving their cyber resilience and reducing their overall cyber risk.

How Does This Framework Operate?

Cyber resilience works by implementing a comprehensive framework that incorporates multiple layers to fortify an organization’s defenses, drawing on best practices from MITRE and NIST. Here’s how it typically operates:

1. Anticipate: Organizations regularly identify internal and external vulnerabilities and prioritize their most valuable assets. This requires collaboration between IT and Security teams to establish an end-to-end approach that connects systems, processes, and policies.
2. Withstand: A plan is put in place to monitor for unusual activity that could indicate a malicious activity or breach. This includes using security tools like Security Information and Event Management (SIEM) and Threat Detection and Response. Organizations also employ Zero Trust Principles and enforce Identity and Access Management (IAM) policies like Multi-Factor Authentication (MFA).
3. Recover: Backup is a critical component. Organizations ensure that their restore points are clean, immutable, and verified, allowing for a quick recovery and minimal disruption to business operations.
4. Adapt: Organizations continually evaluate their processes, policies, and systems to prevent repeated and evolving internal and external threats. This adaptability is crucial for staying ahead of cyber threats and maintaining a strong resilience posture.

New NIST publication aids framework implementation: NIST has recently published Implementation Examples that help to clarify how organizations can apply NIST Cyber Security Framework (CSF) 2.0 within their enterprise or agency. The 30-page document provides more than 100 specific implementation examples, broken down by the core corresponding elements of the NIST framework – Govern, Identify, Protect, Detect, Respond, and Recover.

The NIST Implementation Examples incorporate the need to involve numerous stakeholders beyond IT, including management, operations, internal auditors, legal, acquisition, physical security, and HR. This aligns with the World Economic Forum’s view of how to achieve cyber resilience

“To be cyber resilient, organizations need to first and foremost identify business-critical processes and ensure the continuity of those even during cyber incidents. This has to involve continuous conversations with business leadership to ensure alignment with the overall business strategy while conducting real-time prioritization.” – World Economic Forum

Go deeper: “A Mapping Guide to NIST CSF 2.0”

NIST CSF 2.0 is the latest iteration of one of the most followed management approaches to cybersecurity risk in the world. This mapping guide was developed to bridge the gap between 2.0’s theoretical underpinnings with practical, actionable steps for compliance.

Challenges of Cyber Resilience

Implementing resilience strategies in today’s digital landscape poses several challenges. Effectively managing toward resilience is complex. It necessitates understanding and addressing a broad array of interconnected systems, processes and technologies. This complexity can be overwhelming for organizations with limited cybersecurity resources or expertise.

Another significant challenge is the rapidly evolving threat landscape. Coupled with resource constraints such as budget, expertise, and technology, it can be difficult for organizations to stay abreast and adapt their defenses accordingly.

Additional challenges include:

• Rapidly evolving technology and infrastructure
• Lack of standardized frameworks and guidelines
• Complexity of emerging technologies, such as artificial intelligence, IoT and cloud computing
• Insider threats and employee negligence
• Geopolitical and regulatory changes
• Limited cyber threat intelligence
• Organizational silos and lack of collaboration
• Inability to identify and prioritize cyber risks due to:
  • Technology gaps
  • A lack of data integration

How Forescout Can Help

In today’s ever-evolving threat landscape, cyber resilience is critically important. Forescout offers cutting-edge solutions that empower organizations to proactively defend against cyber-attacks and minimize the impact of potential breaches.

Forescout solutions provide comprehensive visibility, control, and orchestration across all network-connected devices. This ensures that organizations can effectively manage their security posture and stay ahead of cybercriminals.

Choosing Forescout products brings a range of resilience benefits including

• Real-time device visibility: Gain agentless visibility into all IP-connected devices, instantly classifying them and assessing their compliance and risk upon network connection. This feature provides passive profiling for sensitive systems, continuous monitoring for situational awareness, and a real-time inventory of all devices across your enterprise without disrupting critical processes.
• Automated policy enforcement: Enforce and automate Zero Trust policies for least-privilege access for all managed and unmanaged devices across your extended enterprise, including IT, OT, IoT, and IoMT devices. Apply policy-based controls to enforce device compliance, proactively reduce your attack surface, and rapidly respond to incidents. Automate compliance assessment and initiate remediation workflows to ensure compliance with internal security policies, external standards, and industry regulations.
• Network segmentation: Simplify dynamic segmentation for all cyber assets to minimize attack surface and regulatory risk. Streamline segmentation across your enterprise for compliance, visualizing real-time traffic and unifying policies. Quickly create new zones and groups, isolate insecure traffic, and implement Zero Trust principles confidently. Simulate policy changes to assess impacts and reduce operational complexities and costs with simplified policy development.

Schedule a demo

¹The World Economic Forum, July 24, 2024, “Global IT Outage: The Cyber Resilience Alarm Heard Around the World”. Accessed September 19, 2024 from the following URL: https://www.weforum.org/agenda/2024/07/global-outage-it-cyber-resilience-alarm-world/
²Pacific Northwest National Laboratory, Cyber Resilience. Accessed September 19, 2024 from the following URL: https://www.pnnl.gov/explainer-articles/cyber-resilience#:~:text=While%20cybersecurity%20is%20a%20critical,if%20a%20security%20breach%20happens.