Highlighted in Microsoft’s recent Digital Defense Report, Cyber Resiliency is a crucial concept for organizations of all sizes to integrate in their overall cyber strategy. Cyber Resiliency can be thought of as a union of business continuity, disaster recovery, incident response, and risk management. The primary goal is to harden organizational systems and processes to withstand catastrophic cyber events without compromising business operations. The concept of business resiliency is not new, but in today’s digital age with the advanced level of global cyber threats, businesses must be prepared for the inevitable and bolster their ability to withstand impacts of cyber threats.
The importance of resiliency
Having a cyber resilience strategy is critical to ensuring business continuity. For most businesses, the biggest financial risk they face is a complete and extended loss of operations. Further, in today’s age of interconnected devices, a loss of business-critical infrastructure, network services, or data availability can cause business operations to grind to a halt.
This immense financial risk means that businesses need to plan on being able to take a punch without being knocked out. If a virus finds its way onto an end-user device, network segmentation should prevent it from spreading. If a core network switch fails, there should be a second switch already in place to pick up the slack. If an essential production database gets hit by ransomware, there should be a process in place to quickly restore from a known good backup. Cyber resiliency is all about planning effective mitigations and implementing redundant architecture in business-critical processes to keep the business moving.
Cybersecurity Performance Management (CPM)
The answer to jumpstarting organizational cyber resilience is Cybersecurity Performance Management (CPM). CPM is a framework that ties cybersecurity performance to an organization’s strategic cyber objectives, measuring meaningful performance metrics – defined as Cybersecurity Performance Indicators (CPIs) – over time to ensure continuous monitoring of your risk, compliance, maturity, and ROI. It’s a data-driven approach to cybersecurity, leveraging the tools you already have to gain greater insight into your cybersecurity performance.
CPM relies on centralizing the reporting of your existing security tools to create a unified understanding of the baseline cybersecurity performance of your organization. It empowers decision makers by tracking the specifics of your performance with CPIs that measure key performance metrics such as multifactor authentication enrollment or time to patch critical vulnerabilities. These metrics will inform strategic investments that result in more efficient, targeted spending in cybersecurity improvements.
How CPM bolsters cyber resiliency efforts
This added visibility is critical to informing cyber resiliency efforts, as the biggest determining factor in your ability to mitigate cyber risk comes down to your day-to-day cybersecurity performance. According to Microsoft’s Digital Defense Report, basic security hygiene still protects against 98 percent of attacks. CPM provides a methodical system for identifying weak points, reducing risk, and improving overall security hygiene. It encourages small, continuous improvements that foster a culture of constant growth and strong competencies in the fundamentals of cybersecurity. This focus on the day-to-day operations of the security team is crucial in building up cyber resiliency through increased process maturity.
It’s important to remember that while resiliency focuses a lot on how you respond to incidents as they occur, the biggest factor in a successful response is the quality of the preparation that precedes it. Significant effort needs to be put in at the organizational level to reinforce business processes to become as resilient and streamlined as possible. This means having buy-in from leadership throughout the organization and a unified understanding of risk tolerance.
The key to CPM is the ability to compare Cybersecurity Performance Indicators (CPIs) against organizationally defined goals, such as multifactor authentication compliance, time to patch critical vulnerabilities, and the percent of known assets that have been scanned for vulnerabilities. This visibility against organizational objectives vastly simplifies the work of streamlining the day-to-day life of cybersecurity teams. It allows for targeted improvements that strengthen cyber resiliency, reduce risk, and improve overall cybersecurity hygiene.
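As an added illustration (not code from the original article or from any CPM product), the Python below computes the three CPIs named above from constructed tool exports and compares each with an assumed target; it takes a report date so the same series can be snapshotted over time, and the record shapes, field names and target values are all assumptions.

```python
import math
from datetime import date

# Constructed sample exports from existing tools (assumed record shapes, not any product's schema).
USERS = [{"user": f"u{i}", "mfa_enrolled": i < 8} for i in range(10)]   # 8 of 10 enrolled
ASSETS = [{"host": h, "last_scan": d} for h, d in [("web-01", date(2023, 10, 25)),
          ("db-01", date(2023, 9, 20)), ("db-02", date(2023, 10, 30)), ("legacy-01", None)]]
VULNS = [{"id": i, "severity": s, "found": f, "fixed": x} for i, s, f, x in [
    ("V-1", "critical", date(2023, 10, 1), date(2023, 10, 5)),
    ("V-2", "critical", date(2023, 10, 2), date(2023, 10, 20)),
    ("V-3", "critical", date(2023, 10, 10), None),            # still open
    ("V-4", "high", date(2023, 10, 1), date(2023, 10, 3))]]
# Organizationally defined goals (assumed values): target, and whether higher is better.
TARGETS = {"mfa_enrollment_pct": (95.0, True), "scan_coverage_pct": (90.0, True),
           "critical_patch_days_p90": (14.0, False)}

def percentile(values, pct):
    # Nearest-rank percentile; an empty series reports 0.0.
    if not values:
        return 0.0
    ordered = sorted(values)
    return float(ordered[max(1, math.ceil(pct / 100 * len(ordered))) - 1])

def mfa_enrollment_pct(users):
    return 100.0 * sum(u["mfa_enrolled"] for u in users) / len(users)

def scan_coverage_pct(assets, as_of, max_age_days=30):
    # Known assets whose last scan is present, not in the future, and not older than max_age_days.
    fresh = [a for a in assets if a["last_scan"] is not None and a["last_scan"] <= as_of
             and (as_of - a["last_scan"]).days <= max_age_days]
    return 100.0 * len(fresh) / len(assets)

def critical_patch_days(vulns, as_of):
    # Days from discovery to fix for critical findings; unfixed ones keep aging up to as_of.
    days = []
    for v in vulns:
        if v["severity"] != "critical" or v["found"] > as_of:
            continue
        end = v["fixed"] if v["fixed"] is not None and v["fixed"] <= as_of else as_of
        days.append((end - v["found"]).days)
    return days

def evaluate(as_of):
    # Snapshot every CPI for one report date (date or ISO string) and compare it with its goal.
    as_of = date.fromisoformat(as_of) if isinstance(as_of, str) else as_of
    values = {"mfa_enrollment_pct": mfa_enrollment_pct(USERS),
              "scan_coverage_pct": scan_coverage_pct(ASSETS, as_of),
              "critical_patch_days_p90": percentile(critical_patch_days(VULNS, as_of), 90)}
    return {name: {"value": v, "target": TARGETS[name][0],
                   "met": v >= TARGETS[name][0] if TARGETS[name][1] else v <= TARGETS[name][0]}
            for name, v in values.items()}
```

Calling evaluate for two report dates shows the trend the article asks for: the critical-patch P90 meets the 14-day goal in mid-October but slips to 21 days by month end because V-3 is still open.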
At this point, it’s clear that organizations need to change how they think about and manage cybersecurity across the whole organization. When divisions within an organization are unified in mission and approach to cybersecurity, it vastly increases the effectiveness and efficiency of security improvement initiatives. In turn, this empowers organizational units to operate more efficiently, increase performance, and bolster resiliency in difficult situations.