It was Benjamin Franklin who coined the phrase “an ounce of prevention is worth a pound of cure” and the idea that avoiding harm beats dealing with its effects continues to ring true. But while prevention makes sense, it shouldn’t come at the expense of ensuring you have a cure on hand should danger strike – and that is especially true when it comes to cybersecurity.
Becoming a cyber resilient organisation means understanding that protection is one part of a three-pronged approach to robust cybersecurity. The other two are the ability to detect threats and the capability to combat them effectively in a timely way.
Thanks to digital transformation, cloud adoption, and IoT (Internet of Things) devices, the attack surface for most businesses continues to expand, making them increasingly susceptible to cyberattacks. Spark recently asked New Zealand businesses about their experiences of security threats in the past year. We found 67% of organisations across the country believed they had experienced an increase in cybersecurity threats during this time.
This chimes with global findings, which show that cyber criminals continue to be among the most innovative online players, constantly scanning for vulnerabilities. Among their most potent weapons is an understanding of, and the ability to exploit, human frailty. The Verizon 2023 Data Breach Investigations Report notes that globally, more than 50% of cyberattack incidents are in essence social engineering attacks. That could manifest as a user being sent a convincing email, often crafted using data gleaned from their social media posts, which prompts them to click on a link that then invites malware onto the network.
When that happens – and it is a case of when, not if – the results can be devastating: losing customers’ trust, legal action from government agencies in New Zealand and overseas, even financial ruin. The New Zealand Cyber Security Centre notes in its annual report for 2022/2023 that of the 312 incidents that affected nationally significant organisations, 28% were likely criminal or financially motivated. Meanwhile, the Verizon report notes that globally, 95% of all cyberattacks are financially motivated. In short, cybercrime exists because it is a very good way to make money.
The threat of cybercrime shouldn’t prevent an organisation from adopting new technology, like artificial intelligence.
A cyber resilient organisation will have in place the ability to detect threats when they occur and the capability to repel them before the harm spreads.
- Patrick Balmer, Spark Managed Security Service Provider Practice Lead
For example, if a user clicks on a link that invites malware into the corporate system, the intrusion is automatically detected, and their laptop is shut down and isolated from the network.
It is a 24/7 job, and this is why partnering with a managed security service provider (MSSP) such as Spark, which operates an around-the-clock Security Operations Centre (SOC), makes a lot of sense. There are inherent difficulties in businesses trying to manage cybersecurity alone; chief among them is finding, training, and retaining cybersecurity professionals. An organisation can invest a great deal of resources in recruiting and growing a cybersecurity expert, only to have them enticed away by a better-paying role.
In addition to having a large group of cybersecurity experts available to assist customers, Spark dedicates resources to ensuring its SOC stays across the latest technologies, such as the use of artificial intelligence to detect irregularities in the network and raise an alert. When it comes to a cyberattack, the sooner it is detected and shut down, the better the chance of stemming damage that could otherwise cascade throughout the business. This is all part of being cyber resilient, and of making sure attacks don’t cause major disruption to your business and its productivity.
It’s not enough to assume that because you are in the public cloud, the hyperscalers, such as AWS, Microsoft, and Google, are taking care of cybersecurity for you. It is your organisation’s data, and therefore you hold the responsibility for it.
A cyber risk assessment and a maturity assessment are the critical baselines that every business should have in place and regularly revisit. Together they help ensure you are better protected from cyberattacks, as well as eligible for cybersecurity insurance.
There are freely available resources, such as the NIST Framework, which is a global standard, that can assist organisations in getting started with these assessments. Once complete, it’s important to have them independently reviewed to ensure they are robust and fit for purpose. Our team at Spark is often called upon to be that independent assessor.
When you have had your risk and maturity assessments independently verified, consider how you stack up against similar organisations in your industry. Measuring your organisation's maturity against your peers matters: if your business is in the healthcare sector, for example, measure its maturity against other healthcare providers.
Another common finding is that organisations have been diligently investing in technology to build cyber resilience while neglecting the people and processes that also need to be in place for when an attack occurs. While the former can be addressed through effective partnering with an MSSP, the latter requires a whole-of-business response.
Creating a plan for what happens when your organisation falls victim to a cyberattack should be part of your overall business continuity planning. A basic question to have answered in advance is: who will you call when a threat occurs?
It used to be that organisations would often keep quiet when under attack. Fearful of being exposed as a victim of cybercrime, a business would try to make the problem go away without asking for outside help. But times have changed. Aside from the fact that the longer an attack goes on, the more likely you are to incur major financial and reputational damage, legislation such as New Zealand’s Privacy Act 2020 dictates that data breaches must be reported immediately.
It's about creating a plan so you are ready and as resilient as possible for the day the worst happens, reviewing it regularly, and testing it to make sure it is fit for purpose in the current environment. It pays to practise your recovery in the good times, so you are ready for when cyber criminals strike.
If you want to protect your business productivity, our team is here to help you map out the best path to building cyber resilience.
Patric Balmer is a 20-year veteran of the IT industry, specialising in the highly demanding field of information security, with a specific focus on IT security consultations that help businesses develop strategic roadmaps to address and increase security maturity across their organisation. He has a proven track record of designing innovative and effective solutions for government and private sector entities across New Zealand.