We live in a time of unprecedented technological innovation. We are more digitally connected in our work and personal lives than ever before. If you can dream it, you can print it on a 3D printer. The Nanobots of the Terminator movies are routinely used in medical procedures, and cars drive themselves – or at least are trying to!
But technological innovation isn’t confined to the good guys. For every technological advancement that makes our lives better, easier, and more convenient there are seemingly two new cyber-attack techniques, or two forms of new malware designed to damage our businesses and our bank accounts.
A quick google search will show that today’s security programs are being outpaced by a rapidly changing threat landscape. For organizations of all sizes and across all industries, it’s not a matter of if they are attacked, it’s a matter of when. It is undeniably clear that one’s perimeter WILL be breached at some point. So, as security professionals come to terms with the reality that they cannot prevent attacks from happening, they need a new strategy: Resilience.
Defining cyber resilience
If there’s anything global turmoil of the past few years have taught all of us, it is to anticipate unexpected risk. That is why, at Bitdefender, we believe both threat prevention and detection, as well as response, are important in equal measure. It is important to prevent attacks from causing security incidents in the first place whenever possible, but it is equally important to have an effective detection and response strategy that takes into consideration the organization’s risk tolerance.
Bitdefender defines cyber resilience as the ability to maintain systems and data confidentiality, integrity and availability by preventing cyberattacks from causing incidents or detecting and responding in a manner which limits impact within a pre-defined risk tolerance.
If you think of a boxer in a match, they know they are going to get punched. Risk is about understanding when, where and how they’re most likely to get punched. Resiliency is about how well they can take that punch when it comes.
Adapt or die
In 2017, the SANS Institute made the statement that cybersecurity isn’t a technical problem; it’s a business problem. In recent years we hear more and more that security teams must be business enablers, but have many of us changed? How many security teams today have business goals incorporated within their security goals? In contrast, how many still measure success by the measure of investigations, the number of alerts or the number of patches?
Charles Darwin famously said “It’s not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change.” When it comes to cybersecurity, too many organizations seem to struggle with adapting to our new reality.
Who’s not struggling with it? The bad guys. Today’s criminal gangs have continued to adapt and evolve their techniques. For example, consider the evolution of ransomware. With the emergence of Ransomware as a Service (RaaS) in recent years, we see that cybercriminal gangs have not only adapted their tactics and techniques, but their entire operating model. There is an entire shadow economy today of cybercrime organizations that mimic legitimate businesses in many ways. They have development teams and provide software packages with marketing bundles and even customer service.
The world is changing around us. As a community, cybersecurity professionals are often saying the right thing, but there seems to be a disconnect between what many say and what they do. Many security professionals today say they are business focused, but they remain obsessed with legacy security programs. They say they are proactive, not reactive, yet they don’t patch until it’s too late. They understand that they must assume compromise, but they continue to prioritize prevention at the expense of resilience.
Shifting the focus to cyber resilience
It’s time for security professionals to shift their focus. If we do as we say we need to and put business enablement at the center of our security operations, it forces the security team to shift their focus from merely trying to avoid an attack to minimizing the business impact in the inevitable event of an attack.
We know that people will always click on things they shouldn’t, tools may not always be perfectly configured, and every organization is likely running some legacy applications that remain critical to operations. Therefore, we must be prepared. Being cyber resilient means asking yourself two key questions:
If I’m being attacked, will I know it’s happening?
If I know it’s happening, how will I protect the business?
If an organization is going to withstand and recover from the inevitable attack when it happens, its security team must be able to answer “Yes” to both of those questions. This requires certain security capabilities. Knowledge of an attack requires continuous monitoring across endpoints, networks, servers, cloud workloads and identity. It requires 24/7 eyes on the glass, visibility across the entire enterprise ecosystem and the ability to cross-correlate telemetry from endpoint and non-endpoint sensors to detect abnormal activity. The ability to protect the business requires effective response and remediation strategies as well as backups, disaster recovery and incident response capabilities.
Built for resilience
In a hyperconnected world where attackers seek to do harm 24x7 and organizations face unpredictable risk, Bitdefender solutions are built for resilience. We have developed a Blueprint for Cyber Resilience – a comprehensive list of capabilities and services that are fundamental for organizations to become more cyber resilient.
Everything is underpinned by the Bitdefender GravityZone platform, a unified threat prevention, detection and response platform that can be deployed directly or used as a managed service. A platform approach is important for not only gaining comprehensive visibility across the entire organization – not just managed endpoints – but also for breaking down security silos and enabling security teams to become more efficient and effective.
Building upon the platform is the threat intelligence of our Bitdefender Labs. This group of more than 825 elite security researchers, threat hunters and security analysts process 30 billion threat queries a day (nearly 1,000 a second) and discovers over 400 threats every minute. The close partnership between Bitdefender Labs, our GravityZone research and development team, and our managed detection and response (MDR) service team means that we are continuously building advanced threat intelligence into our prevention technologies, analytics, and MDR operations. Customers get the benefit of our expert researchers working for you every day to stay on top of the latest threats, as well as the benefit of a better return on investment (ROI) from having a single provider.
With the right platform and capabilities in place, security teams can put business enablement at the center of their operations. They can shift their focus from merely attempting to prevent attacks (which are inevitable) to a more resilient approach of minimizing business impact and improving response and remediation. Using a platform approach, like Bitdefender GravityZone, organizations can become more cyber resilient and reduce risk without needing to increase staff or purchase tools from multiple vendors. This allows security teams to be more efficient and effective, so they can act as enablers of business growth rather than a barrier.
Learn more about how Bitdefender GravityZone can enable business growth through cyber resilience.