Resilience in a business context is often closely associated with continuity. If something happens or there is an outage, businesses rely on the principles of failover and redundancy to get systems back up and running quickly. But the equation changes when you turn the conversation toward cyber resilience. Cyber resilience encompasses recovery and, more importantly, the ability to defend against and prevent attacks in real time and to establish flexible, reactive and proactive operations.
More than three-quarters of organizations cite security and data breaches as the leading cause of server, operating system, application, and network downtime. Your system architecture, while important, is only one part of the cyber resiliency solution. Having a strategy that includes both your architecture and your people is also vital.
Not just cybersecurity
Cyber resilience is a strategic approach that encompasses your system architecture, physical structures, and people. Cybersecurity is only part of the equation. Many people understand cybersecurity in terms of breaches caused by attacks, misconfigurations, or insider threats. The focus is often on the failure to secure or protect data and privacy, considered after the fact. A resilience-focused approach would instead include a proactive action plan to mitigate the damage caused by, for example, loss of access to a system due to a cyber attack.
With the recent shift to a more decentralized work environment, the need to refocus on people-centric security measures has increased. More often than not, resilience (and cybersecurity) is really about people.
In the world of cybersecurity there are three types of people:
- Good actors doing good things.
- Good actors who make mistakes.
- Bad actors who have malicious intent.
We've all heard the story of that good employee who made an honest mistake, like the bank employee who synchronized web browsers and unknowingly opened up access to important bank passwords to bad actors. In this story, the employee was working from home on a work laptop connected to the home network. At some point, Google sent out a notification about a new feature that syncs web browsers across multiple devices. Sounds good, right? The employee continued, but didn't realize that by syncing the browsers, all personal passwords were now stored in the work browser. And more importantly, all work passwords were now stored in the personal browser.
When the criminals broke into the employee's home network and accessed the personal browser, they discovered a trove of banking information. The hackers used this access to break into the financial institution. Fortunately, the architecture helps protect against malicious actors, but what about simple mistakes made by good people? (See the bank employee above.)
The truth is that engineers build security nets into systems to account for human error and possible attacks, not just hardware failure. Human error is a major factor in 95% of breaches. Unintentional errors do happen, and understanding how to deal with them is essential for resilience and cybersecurity.
Strengthen cyber resilience
A successful cyber resilience strategy integrates humans and technology. Here are some examples of how to avoid unwanted errors:
Cyber-resilience and business
Cyber resiliency is vital to all aspects of business and is more than just additional security bells and whistles. It is worthy of a strategy and essential to avoiding large operational, service and reputational setbacks. A successful cyber resilience strategy focuses on cybersecurity, architecture, and people.
Considering all three angles allows for flexible, responsive, and proactive operations to ensure business continuity, even in the face of something as simple as browser sync.
Embark on the path to cyber resiliency and strategize with Broadcom today.
Copyright © 2022 IDG Communications, Inc.