Resilience and cybersecurity: strategies for a world of challenges

What level of preparedness do we have in case we are a target of a cyberattack?

Cybersecurity and digital transformation must work together because cyberattacks on information systems are increasing as more companies move their services to the cloud.

Latin America is no exception, with cyberattacks increasing by 24% by 2021. In February 2021, according to CrowdStrike, the e-Crime (cybercrime) rate rose by 124%, mainly harming the engineering and industry sectors.

This is not to say that companies should not employ technology in their day-to-day operations. On the contrary, there is a motivation for companies to make cybersecurity a top priority.

As we say at A3Sec, "it's no longer about whether or not it's going to happen to you, it's about what you're going to do when it does."

Strategy and resilience in cybersecurity

We consider strategy as making a series of decisions in order to achieve an objective within a given time frame. To do this, it is essential that our strategy has a series of steps that adapt to changes as they occur.

On the other hand, resilience is the ability to adapt to circumstances that may lead to undesirable outcomes. It is the ability to bounce back and learn after a problem.

What do these two words mean in cybersecurity?

A business with resilient strategies means that it has a set of steps in place which helps it to resist and learn from changes in the environment and avoid negative outcomes.

However, we can go a step further by creating anti-fragile cybersecurity models.

Technological resilience boils down to planning, using what we have learned and what the environment has taught us to add elements and capabilities that allow us to function and cope with attacks.

It is also important to be informed of what is happening in your organization and in the world in general, as well as to understand that reality can change due to unforeseen difficulties and problems. In this way, you will face challenges effectively and have a better adapted strategy the next time you are faced with a similar situation.

Cybersecurity tips for businesses

At A3Sec we support the phrase: "You can protect what you can see and you can improve what you can measure".

That is why it is necessary to have live data (dashboards) to observe what is happening as it helps us to draw conclusions and improve our cybersecurity approach, which is impossible to do with a static picture that says nothing.

By this point you will be convinced that information security is important in the digital world, however, we know that defending our entire system can be a complicated challenge.

For this reason, we have prepared six tips that we follow and that have helped us to shield companies from cyber-attacks.

Tip #1: Recognize your environment

It is essential to identify the environment we want to safeguard before implementing any plan. To achieve this, we will need to gather data such as the following:

What is the total number of users at risk?
How many devices are compromised?
What is the total number of services that can be accessed over the Internet?
How many vulnerable systems have major flaws that we need to pay more attention to?
How many sites are there and what certificates do they have?
What is the total number of IP addresses that have been exposed?

Tip #2: Recognize the types of attacks you face

After you have completed the above steps, you will need to learn more about the type of attack your environment is vulnerable to. You can help yourself by answering the following questions:

What is the time it takes to become aware of an attack
In a given period of time, how many attacks occur? For example, during Black Friday, e-commerce is at its busiest, and this is when the volume of attacks spikes.
What is the average time it takes to detect an attack?
What type of attacks do you receive in a given period?
Where do the attacks come from and what means do they use to attack? For example, emails, attempts on your website, etc.

Tip #3: Identify the impacts that an attack can cause

We must identify and concentrate our efforts on the attacks that will have the greatest impact on our business. This will help us develop actions focused on the user, technology, control and communication. To do this, you can answer the following:

How long on average does it take to solve a problem?
What have been the different types of impacts over a period of time?
How much does each event and each type of impact cost?
How many impacts are there per impact area? Whether it is a reputational, economic, productivity, health or legal issue.
How long on average does it take to recover?
How large is the impact or how often does it occur?

Tip #4: Reduce the time it takes to detect and respond to an attack

In cybersecurity terms, Dwell Time is the time it takes to respond to an attack and recover. To reduce the reaction time to an incident, there are a number of phases to consider.

Prior to the initial attack period, there are two phases. The first phase involves the development of tactics, techniques and procedures to counter an attack. The second phase includes the addition of controls, as well as the development of detection and response capabilities to help limit the attack surface.

The third phase occurs after the attack, when the company begins to investigate and must be able to detect the attack. Finally, the fourth phase should utilize the processes and automations that have been built to contain and respond to threats.

Tip #5: Simulate an attack environment

By simulating environments where our system is attacked we will have a target for improvement if we find a weakness before it expresses itself in the overall system.

For example, Netflix has developed a series of packages that can help a lot in resilience issues this software is based on the Monkey Chaos model, which simulates numerous attacks that could bring them down. This model disconnects network elements and environments making the company learn to recover quickly from cyber-attacks.

Causing chaos means that we will always fall, but because we have learned to get up, we will respond quickly, and as a result, we will generate more confidence in our users because we will always be up and running.

Tip #6: Pay attention to what you can't see

We must remember that the most successful cyberattacks are those that are out of the ordinary.

The mistake we often make is to focus on what we observe, but what about what we don't observe?

The concept of survivorship bias, introduced by the mathematician Abraham Wald, comes into play, which implies that we should pay attention to what we do not see and protect ourselves from it, since this may be the reason why many businesses fail in terms of security.

Conclusions

Considering that we are surrounded by danger and that attacks on digital infrastructures are a part of life, this is the reason why we use cybersecurity. Both provoked and unprovoked damage to our infrastructure is possible, and both can have a detrimental impact on our business.

We must plan with measurable objectives in mind. Using precise measurements related to reality, we can identify obvious states of our environment.

Detection, reaction, recovery and continuity are important parts of the cybersecurity process. That's why it's important to keep the following in mind:

Recognize your environment.
Identify the types of attacks.
Identify the impacts that can occur.
Reduce the time it takes to detect and respond to an attack.
Simulate attack environments.
Chaos should be viewed as a preventative and learning culture.

We can strengthen our resilience while chaos persists by establishing recovery models and continuing to learn. It is important to remember that there is always a better way to address a problem, and that evolution is impossible without learning.