Runners in a marathon, displaying speed and endurance in an athletic competition.

Embracing cyber resilience: the shift from defense to endurance

Photographic portrait of Varun Sharma
Varun Sharma

EY Americas Cyber Growth and Private Equity Leader

10 minute read 13 Sep 2024
Related topics
Cybersecurity
Consulting
CISO agenda

Shift to cyber resilience: A strategic approach for organizations to anticipate, withstand, recover, and adapt to evolving cyber threats.

In brief:

  • Shift from defense to endurance in cybersecurity is vital as threats evolve.
  • Cyber resilience enables swift recovery and operation continuity post-incident.
  • Embracing cyber resilience allows organizations to adapt and withstand sophisticated attacks.

Special thanks to Dan Mellen, Shawn Mattar, Aishwarya Nagarajan and Nandita Das for contributions to this content.

The imperative for large organizations to transition from traditional cybersecurity defenses to a more robust and adaptive cyber resilience framework is underscored by the relentless evolution of cyber threats. This shift is driven by the need to not only protect but also enable organizations to swiftly recover and maintain operations amidst a cyber incident. With the proliferation of advanced technologies such as artificial intelligence (AI), and the increasing frequency and sophistication of attacks like ransomware, the cybersecurity paradigm is being redefined. This article delves into the key principles of cyber resilience, benefits and value of cyber resilience, and how organization can assess and start their resilience journey.

Key principles of cyber resilience

Cyber resilience is built on several foundational principles that guide organizations in developing robust strategies to withstand cyber threats:

  1. Anticipate: Organizations must proactively understand the threat landscape, including potential attack vectors and adversary tactics, techniques and procedures (TTPs). This involves leveraging threat intelligence and predictive analytics to foresee and prepare for potential cyber attacks.
  2. Withstand: The ability to withstand attacks involves designing and implementing robust systems and architectures, such as employing a zero-trust security model, enhancing endpoint security and fortifying network defenses to minimize the impact of attacks without significant disruption to operations.
  3. Recover: Recovery processes are critical for restoring normal operations swiftly after an incident. This includes having well-practiced incident response plans, effective data backup strategies and resilient infrastructure that can quickly return to operational baselines.
  4. Adapt: Cyber resilience requires an organization to continuously learn from incidents and emerging threats. This principle emphasizes the importance of post-incident reviews, updating defense mechanisms and adapting strategies to mitigate future risks based on evidence and insights gained from past experiences.

How EY can help

  • Cybersecurity

    Learn more about how organizations are accelerating transformation and strengthening cybersecurity at the same time.

    Read more

Cyber resilience: from defensive measures to strategic enablers

The evolution of the cyber threat landscape has necessitated a shift from traditional defensive cybersecurity controls to a comprehensive cyber resilience strategy. This strategic pivot reimagines conventional security measures as resilience enablers, designed not only to prevent breaches but also to maintain and quickly restore operational effectiveness in the wake of cyber incidents. Data backup and encryption, for example, are now integral to ensuring data availability and integrity, serving as proactive measures for business continuity rather than mere safeguards against unauthorized access.

 

The move from a purely defensive stance to one rooted in resilience is driven by the rapid advancement of technologies, including AI, which has significantly altered the dynamics of cyber offense and defense. The surge in sophisticated ransomware attacks highlights the limitations of legacy approaches and underscores the need for a resilient framework capable of withstanding and adapting to emerging threats. By embracing cyber resilience, organizations can protect critical business systems and infrastructure more effectively, ensuring high availability and minimizing the potential for operational disruptions. This approach requires a deep technical understanding, a commitment to ongoing improvement and a strategic reorientation of cyber controls to support the sustained viability of business operations in an increasingly digital world.

Benefits and value of cyber resilience

The adoption of a cyber resilience framework provides substantial benefits and value to organizations:

  • Reduced risk posture: By proactively identifying and addressing vulnerabilities, organizations can significantly diminish their susceptibility to cyber threats.
  • Pressure-tested protection: Through rigorous testing, including penetration and chaos testing, security measures are validated against potential real-world cyber scenarios, ensuring their effectiveness.
  • Cyber resilience governance enhancement: Cyber resilience governance involves the integration of resilience planning into business continuity, disaster recovery and incident response teams, ensuring a coordinated and swift response to incidents.
  • Identification of key IT dependencies: A thorough inventory of critical business processes and sensitive data across the IT environment allows for a more targeted and effective defense strategy.
  • Testing of real-world resilience scenarios: By simulating actual cyber attack scenarios based on business priorities, organizations can assess and improve their resilience capabilities.
  • Continuous improvement of cyber resilience (CR) capabilities: Cyber resilience is an iterative process that benefits from evidence testing and the continuous refinement of strategies and controls.

Getting started

The journey toward cyber resilience begins with a strategic assessment of the organization’s current cybersecurity posture. This involves leveraging solution offerings such as the EY Rapid Cyber Resilience Assessment and Critical Business Process Discovery to gain a comprehensive view of the organization’s cyber resilience posture. Organizations must also consider geopolitical tensions, the advancement of AI technology and the adequacy of investment in planning for business continuity, disaster recovery and incident response.

How to achieve cyber resilience in five points: an EY perspective

Ernst & Young LLP (EY) proposes a comprehensive approach to achieving cyber resilience through the following five-point framework:

  1. Data awareness: A critical step involves understanding the organization’s data landscape, including cataloging critical business processes and mapping them to IT systems, applications and storage repositories.
  2. Zero-trust architecture: Implementing a zero-trust architecture requires a thorough reevaluation of network access controls and verification processes, ensuring that no entity within or outside the network is trusted by default.
  3. Incident readiness: Incident readiness entails the development of robust incident response plans that are regularly revisited and updated to reflect the latest threat intelligence and organizational priorities.
  4. Resilience by design: Cyber resilience must be integrated into the design and lifecycle of systems and operations, ensuring that resilience is not an afterthought but a foundational component.
  5. Stakeholder engagement: Achieving cyber resilience requires the engagement and collaboration of cross-functional teams, ensuring that resilience efforts are unified and informed across the organization.

How to assess yourself

When it comes to building and assessing cyber resilience, partnering with a trusted specialist can provide the expertise and perspective needed to thoroughly evaluate and enhance your organization's cybersecurity posture. Handling such complex assessments internally can be challenging due to potential resource constraints and the difficulty of maintaining objectivity. Here's how collaborating with a firm like EY can benefit your organization:

  • Leverage specialized knowledge: EY brings a wealth of knowledge and experience in cyber resilience, offering a comprehensive assessment that aligns with leading practices and industry standards.
  • Unbiased objective risk assessment: An external partner can provide an unbiased view of your cybersecurity strengths and weaknesses, helping to identify blind spots that internal teams might overlook.
  • Access to advanced tools and methodologies: EY provides access to state-of-the-art tools and methodologies for resilience testing, including sophisticated penetration testing and business impact analysis.
  • Regulatory and compliance insights: With deep insights into regulatory requirements and compliance, EY can identify cyber resilience strategies that meets all necessary legal and industry-specific standards.
  • Continuous improvement and support: EY can offer ongoing support and advice for continuously improving your cyber resilience posture, helping to keep your defenses up-to-date with the evolving threat landscape.

By engaging with EY, your organization can take advantage of specialized services designed to assess, develop and implement a robust cyber resilience framework tailored to your unique needs and challenges.

Board-level commitment to cyber resilience

The transition to a cyber resilience framework necessitates a profound commitment from the organization's board, which is pivotal for three key areas:

  • Board-level awareness: Board members must be well-versed in cybersecurity principles and the specific threats relevant to the organization. This technical awareness is critical for understanding the implications of strategic decisions on the organization's cyber risk profile. It is achieved through regular, detailed briefings on threat intelligence, cyber risk assessments and the status of cybersecurity initiatives.
  • Resource allocation: The board's commitment is demonstrated through the strategic allocation of resources to bolster cyber resilience. This includes approving budgets for advanced cybersecurity tools, such as AI-driven threat detection systems, and ensuring the organization has access to skilled cybersecurity professionals. Investment decisions should be data-driven, based on a clear understanding of the organization's risk exposure and the potential ROI of cybersecurity initiatives.
  • Policy development: Board members play a crucial role in the development and ratification of cybersecurity policies. These policies must be technically comprehensive, mandating the use of industry-standard cybersecurity frameworks (e.g., NIST CSF, ISO/IEC 27001) and ensuring adherence to regulatory compliance. The board should also advocate for policies that enforce regular cybersecurity audits and the integration of resilience planning into the enterprise risk management framework.

Enhancing stakeholder engagement in cyber resilience

Technical stakeholder engagement is essential for the depth and breadth of cyber resilience across the organization:

  • Internal stakeholder education: A technically informed workforce is the first line of defense against cyber threats. Continuous cybersecurity education programs, including training on the latest cybersecurity technologies and best practices, are vital. Employees should be familiar with the organization's incident response protocols and the use of automated tools for threat detection and response.
  • Cross-functional collaboration: Cyber resilience requires the synchronization of technical efforts across various departments. IT and security teams must work in concert with other departments to integrate cybersecurity considerations into all business processes. This includes the use of cross-departmental cybersecurity platforms that provide visibility into the security posture across different business units.
  • External partner coordination: Engaging with external stakeholders means extending the organization's cybersecurity standards throughout the supply chain. This involves technical collaboration, such as the implementation of shared security tools, regular security audits and the establishment of joint incident response mechanisms to ensure swift action in the event of a breach affecting multiple parties.

Recent cyber attacks and the importance of cyber resilience

Recent cyber attacks highlight the importance of cyber resilience. These incidents reveal that despite robust security measures, vulnerabilities can still be exploited, leading to significant business disruptions. The growing sophistication of cyber threats necessitates an approach that extends beyond prevention, emphasizing the ability to quickly adapt, respond and recover from incidents. The importance of cyber resilience is further accentuated as it becomes clear that a proactive and comprehensive strategy is essential for maintaining business continuity in an increasingly digital landscape.

Testing of real-world resilience scenarios

Technical adversarial simulations are essential for validating the effectiveness of an organization's cyber resilience posture. These simulations involve sophisticated emulation of cyber threat actors' tactics, techniques and procedures (TTPs) to challenge and improve the organization's security measures. Here are detailed examples of technical adversarial simulations:

  1. Red team penetration testing: A red team might utilize advanced persistent threat (APT) emulation plans that mirror known threat actor behaviors to test the organization's ability to detect and respond to stealthy, long-term intrusions. This could involve the use of custom-developed malware, exploiting zero-day vulnerabilities or establishing covert command and control (C2) channels to assess the organization's endpoint detection and network defense capabilities.
  2. Purple teaming with MITRE ATT&CK framework: Purple team exercises can leverage the MITRE ATT&CK framework to map out attack scenarios and identify detection and prevention gaps. By simulating specific adversary behaviors from the ATT&CK matrix, both offensive and defensive teams can collaboratively enhance the organization's security controls, such as fine-tuning Security Information and Event Management (SIEM) rules and improving Endpoint Detection and Response (EDR) configurations.
  3. Cyber range tabletop exercises: Cyber range environments can host immersive tabletop exercises where participants respond to simulated cyber incidents in a controlled virtual setting. These exercises might involve responding to a simulated supply chain compromise that requires analyzing network traffic for indicators of compromise (IoCs), reverse-engineering malware and executing a coordinated incident response across multiple departments.
  4. War gaming with network segmentation: In a war gaming scenario, teams may test the resilience of network segmentation strategies against lateral movement techniques. Attackers might attempt to escalate privileges and move laterally using techniques like Pass-the-Hash or Kerberoasting, while defenders use intrusion detection systems (IDS) and network access controls to contain and neutralize the simulated breach.
  5. Continuous breach and attack simulation (BAS): BAS platforms can be employed to continuously and automatically simulate a wide array of cyber attacks against an organization's infrastructure. These platforms can execute attack simulations that test the efficacy of security controls against advanced evasion techniques, such as obfuscated PowerShell scripts, memory injection attacks or the exploitation of misconfigurations in cloud services.

The views reflected in this article are those of the author and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.

Summary

By simulating an attacker's actions, organizations can uncover hidden weaknesses in their networks, enhance their threat detection capabilities and improve incident response times. These simulations help validate security investments and inform decision-makers about the practical aspects of their cyber resilience strategies.

Adversarial simulations should be integrated into the organization's regular security practices. The insights gained from these exercises are crucial for refining incident response plans, developing more robust recovery procedures and fostering a culture of continuous improvement and resilience within the organization.

About this article

Photographic portrait of Varun Sharma
Varun Sharma

EY Americas Cyber Growth and Private Equity Leader

Passionate about cybersecurity, technology and supporting EY clients. Problem solver. Travel enthusiast.
Related topics
Cybersecurity
Consulting
CISO agenda

Related articles

Cybersecurity in the age of AI: navigating new frontiers at the RSA Conference

Explore key insights from RSA Conference 2024 on evolving cybersecurity strategies and AI challenges with EY and industry experts.

EY Americas

Why AI fuels cybersecurity anxiety, particularly for younger employees

Workers say they are worried that they are putting their organizations — and careers — at risk, new EY survey says. Here’s what to do about it.

Reflecting on RSA: how cyber leaders are responding to hot topics

Listen to EY leaders respond to concerns about increasing cyber threats.

EY Americas

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.