Subscribe
  • Home
  • /
  • Security
  • /
  • Challenges businesses face around cyber resilience

Challenges businesses face around cyber resilience


Johannesburg, 13 Apr 2022
Tamer El Refaey, CyberRes Sales Engineering Lead, Micro Focus.
Tamer El Refaey, CyberRes Sales Engineering Lead, Micro Focus.

Businesses are currently operating in an increasingly complex environment. The biggest challenge faced by business at the moment is change to the way they are working. Digital transformation is moving the business model away from purely face-to-face interactions towards more online interactions, with a large number of people still working from home. Some business have even reduced their workforces to allow for increased automation.

In addition – and as a result – today’s businesses are generating massive quantities of data. Added to this influx of data is the ongoing development of software and mobile apps, which have to align and comply with an increasingly complex number of regulations.

With consideration to these factors, the way that businesses think about security is evolving. The focus is shifting towards ensuring business continuity as opposed to a mindset of just having security in place. Tamer El Refaey, CyberRes Sales Engineering Lead at Micro Focus, says: “It’s vital to make sure that the business can continue to function regardless of the challenges it faces, a concept that has been heavily underlined during the pandemic. Thinking about this is probably the most important challenge that today’s businesses are facing.”

Cyber attacks around the world are evolving and expanding, with the addition of new technologies, innovations and changing geopolitical environments, so in order to maintain business continuity, cyber resilience is paramount. El Refaey says: “Cyber criminals are targeting the businesses finances, its valuable data and sometimes even its critical infrastructure. The latter has come to the media forefront in the war between Russia and the Ukraine, which has seen cyber attacks on train, mobile and banking networks and even power utility infrastructure.”

The shift towards digital transformation, and with businesses moving everything online, means the attack surface becomes bigger, more accessible and more vulnerable, making it easier for cyber attackers to compromise organisations’ systems and data. This is why businesses that haven’t yet started their cyber resilience journey need to do so as soon as possible, he says.

The first step on the cyber resilience journey is for a business to understand the challenges it is facing. This includes the types of compliance that apply to the business, the types of adversaries faced and the types of assets that these adversaries might target. If the business is part of a critical infrastructure, such as telecommunications, the cyber criminals may not just be interested in its data or financial gain, they may want to render the business unable to operate. The organisation must understand what it has that is attractive to attackers.

Then the business has to look at its existing capabilities in terms of cyber resilience. Does it even have a cyber resilience function, not to mention the teams and budget required to start the journey? From an implementation point of view, there are three main areas of focus for the business:

  1. Protecting its critical assets by building defences around them so they aren’t easily compromised.
  2. Building detection capabilities so that it knows whether an attack is happening and who is behind it in near-real time. The business also needs to know how to act on that compromise or breach.
  3. The ability to return to business as usual once the attack has been thwarted and evolve the business’s cyber security defences by learning from what happened.

The cyber resilience toolkit

When protecting critical assets (point 1 above), businesses usually have their own firewalls, anti-virus, anti-malware and the like. However, it’s also key to protect identities by ensuring there’s proper access control and governance around users, devices and services in the business. It has to know who has access to what and when, and whether this access is required and secured. The business also needs to protect applications that it is either building or using, being aware of these apps’ vulnerabilities and eliminating these as early as possible in the development life cycle. Finally, businesses need to protect their data, be it personal, financial or any other kind of critical and sensitive information that the business needs to operate. Not only does it need to be secure and protected, should it be compromised or leaked, it mustn’t be usable – this is referred to as a secure breach of data.

Speaking to point two above, the business needs to have the ability to detect an attack quickly, and this requires leveraging technologies such as machine learning to reduce the noise of available data about threats, attacks and leaks. It also needs to respond as quickly as possible and this is achieved by automating activities and reducing dependence on the human element in the detect and response stages of cyber attacks.

Finally, from an evolution perspective (point three), the business needs to know how the attack happened and how it can incorporate the lessons learned into its security framework. It also needs to be able to adapt to changes like cloud usage and the growing the complexity of its infrastructure, by using artificial intelligence to speed up decision-making with better accuracy. The business also requires tools that will allow it to resume business as usual as quickly as possible, using automation to recover faster from the attack.

Businesses need to be aware that cyber attacks will come from many different entry points, such as a supply chain relationship, a partner relationship or even a customer relationship. “We no longer see the clear entry points that we used to expect of cyber attackers. Which is why the cyber resilience framework needs to be holistic instead of focusing on obvious attack surfaces. It has to be expanded to cover all possible entry points when developing a cyber security programme.”

El Refaey concludes by saying: “Businesses need to assume that they will be compromised, so the focus should not only be on preventing attacks, but on how to make sure that the impact of these attacks on business operations is minimised and that the business can continue to operate during or after such an attack.”

Find out more about cyber resilience and access high-value content on the topic here.

Share