What is Cyber Resilience and how can you achieve it?
Self-Healing: The only true resilience
What is Cyber Resilience and how can you achieve it?
Self-Healing: The only true resilience
As the cyberthreat landscape darkens each day, the term, cyber resilience is increasing in importance.
A cyber resilient company is in the best position to prepare for, respond to, and recover from a cyberattack. Being resilient, however, means much more than attack prevention or response. A cyber resilient enterprise can continue to function during an attack and is agile enough to adapt and recover from the incident.
While a protection-focused approach may have worked in the past, today’s enterprise must now move to adopt a strategy that is based more on endpoint resilience which, beyond protection, emphasises adaptability, exposure reduction, information gathering and discovery.
Cyber resilience transcends technology and can protect the interests of everyone involved, including the C-suite, staff, shareholders, and the board of directors.
Resilience comes down to having a self-healing capability. Think of it this way: if your company must rely on an external source to resurrect you, then you can’t call yourself resilient. Only those organisations with a self-healing property (being able to recover without human intervention) can be truly classified as resilient.
Ultimately, if the organisation has its eye on becoming more resilient, then it must incorporate technologies with the capacity of self-healing. Running around putting things back together isn’t the preferred state of a resilient enterprise.
SELF-HEALING: THE ONLY TRUE RESILIENCE
In the hardware world, we buy and deploy redundant systems: multiple firewalls, routers, switches, clouds, and cables. We do this because we expect our hardware defences to fail; there’s even a name for it: “failover”. The other term used often is High Availability, which just means more hardware deployed for failover.
In the software universe, the equivalent is resilience. But unlike hardware, you can’t just have clones of the same tools, controls, apps, and agents that play understudy to the primary control. When the primary control fails, the clone steps into the spotlight is not an idea that exists with software.
So, enterprises need to rely on resilient software controls, apps, and agents. But the only way you can claim you are resilient is if you have a self-healing capability. Without it, you don’t have the replacement, so there is no failover. It’s a crack in your security fabric.
IT ALL STARTS WITH A FRAMEWORK
While this resiliency may sound daunting and difficult to achieve, thankfully there is an existing framework from which the enterprise can leverage to improve their resiliency. The NIST Cybersecurity Framework (NIST CSF) outlines specific actions that organisations can perform to see success in their cyber security programs.
The five pillars or actions of the NIST CSF are:
IDENTIFY
- Identify each endpoint for a comprehensive inventory
- Identify authorised and unauthorised hardware and software
- Prioritise endpoints based on classification, criticality, and business use
- Benchmark device controls against security standards and policy
- Quantify risk based on device vulnerabilities and exposures
- Catalogue device, data, user, and application relationships across the end point population
PROTECT
- Gain physical access control and geofencing for distributed endpoints
- Freeze, delete, and wipe devices through remote commands
- Enable secure remote access systems (e.g. VPN) on all endpoints
- Validate and restore encryption for at-risk data
- Automate validation for data integrity in software, firmware, and cloud storage apps
- Control communication from endpoints to the corporate network or domain
- Authorize telemetry analysis and remote command for maintenance and repair
DETECT
- Establish baseline behaviours for users, data, devices, and applications
- Unify asset intelligence across the device population
- Monitor user activity and enforce role-based security controls
- Score high-risk users with access to sensitive data
- Access geo-tracking and user-device awareness
- Detect and log configuration changes
RESPOND
- Utilize dynamic remediation and control changes
- Perform role-based access control for in-console response commands
- Deliver continuous device logs and forensic documentation
- Isolate a device or group of devices for containment
- Push control changes to prevent spread of detected compromise
- Command hotfixes to mitigate indicators of exposure (IOEs)
RECOVER
- Enforce policies within device controls
- Monitor device use and locally accessed sensitive data
- Control incident investigations, digital forensics, and documentation
- Augment and push new controls for endpoint hygiene
- Access documentation instantly for continuous improvement to endpoint hygiene and data protection
A BLUEPRINT FOR RESILIENCE
Each focal point of the NIST CSF is designed for resilient cyber defence and protection and aims to ensure data confidentiality, integrity, and availability. Much of the work that’s needed to be resilient is simply doing the basics: patching, strong authentication, control monitoring, etc.
What’s practical about something like NIST CSF (or CIS Top 20 or ISO or any others for that matter) is that it is a blueprint. Just like a blueprint to a building, the CSF is like having the architect’s plans for a well-engineered structure.
With NIST in particular, the goal is resilience —especially in the protect and recover sections. The Protect (initial resilience) and Recover (learn and grow more resilient) steps are emphasised as the target/goal.
Learn more about Absolute Persistence technology.
Read more insights…
blog
Panasonic’s latest TOUGHBOOK G2 and 33 tablets push the boundaries of rugged computing
Panasonic’s new TOUGHBOOK G2mk2 and 33mk3 provide the modern mobile worker with a perfectly balanced solution, regardless of the task, application or environment.
Case Study
Panasonic TOUGHBOOK indispensable for Circet field service engineers
Circet is the European market leader in building and maintaining the vital telecom fiber optic networks. In the energy world, they focus on smart energy, such as charging stations for electric vehicles and digital electricity meters in office and residential buildings. Circet Benelux is an installation company for all major players in the market. Especially in the smart energy business unit, the company makes widespread use of Panasonic's TOUGHBOOK notebooks and tablets.
blog
Celebrating the Women of Panasonic Connect Europe
International Women’s Day provides us all with an opportunity to celebrate the key women in each of our lives, and how they positively impact society, whether it’s in one company, a department, an industry or the wider world. At Panasonic Connect Europe, we’ve spoken to five fantastic females on what it means to be working at the forefront of innovation and technology.
article
THE BEST IN RUGGED JUST GOT BETTER
The latest Panasonic TOUGHBOOK G2 and 33 set a new standard for rugged tablets “Alder Lake” processing power, security, and modularity.
Sorry there was an error...
The files you selected could not be downloaded as they do not exist.
You selected items.
Continue to select additional items or download selected items together as a zip file.
You selected 1 item.
Continue to select additional items or download the selected item directly.
Share page
Share this link via:
Twitter
LinkedIn
Xing
Facebook
Or copy link: