Simply put, cyber resilience is a measure of how well an organization can operate its business during a data breach or cyber attack. Security teams have measures in place to detect and stop attacks, and they have recovery plans for the inevitable breach, but can they, along with IT, keep critical business processes such as order fulfillment, customer service, or accounting operating during a crisis?
Not everyone has to be a security pro, but those in development or in other technical roles must understand security’s importance to the larger organization. If they don’t do their part to safeguard operations, breaches and attacks can immobilize an entire business.
Take NotPetya, for example, which Rob Juncker, senior vice-president of product development at software provider Code42, says shut down “supermarkets and ATMs all throughout the Ukraine.” Or WannaCry, which he says left hospitals unable to access patient information. Just as “the biggest organizations fail and…go bankrupt because they’ve failed to innovate,” Juncker says a lack of security readiness has similar potential to bring a company down. When everyone understands the vital nature of security, devops is free to build buffers into the business that keep it resilient enough to survive.
Understand the business to better protect it
For starters, Don Aliberti, head of information security for financial services group Nomura Holdings America, says, “If you want to protect the enterprise, protect the firm, you have to understand your firm.” Take a good look at every company process that uses tech. Sure, code is being developed, but so are marketing campaigns. Maybe sales is in the middle of drafting an important proposal. Accounting is filing quarterly taxes while email and Slack send every message imaginable back and forth.
If it has value and is happening on your systems, it needs to be protected. Determining value, Aliberti says, requires “understanding what are the main functions that keep the business going and what are the main risks to the business as far as availability, confidentiality, and integrity that potentially could hurt the business.”
Approach your backup systems with a business mindset
If a malware attack meant development could no longer access their work, what would happen? Could the business keep going? With backups, maybe. They’re not just there in case someone deletes something, after all. Ben Cabrera, CIO for Covanta, says backups are part of the environmental company’s plan for dealing with ransomware: “Disaster recovery and backups have become a really important thing for us.”
If hackers attack, he explains, “We just shut down that environment and move to the next environment, which is a warm backup. From a disaster recovery perspective, we can be back up and running within a relatively short period of time.”
The trick to backups is to approach them with a business — not just security — mindset. In deciding whether to repair or ditch an infected system, Cabrera says, “You really have to make a decision in terms of what was compromised, what was damaged, and then — at the same time — what’s the cost of information that’s actually transpired since that point? If the breach was two months ago, for example, backing up to that point in time would be a loss of information and value to your business, right?”