Most professionals in the cybersecurity industry have read the new National Cybersecurity Strategy recently released by the Biden-Harris Administration. It marks another step the Executive branch has taken to ensure that people, businesses and government remain secure in the global digital ecosystem.
The strategy is built on recognizable pillars that have long been part of cybersecurity strategies, including cyber defense, threat disruption, goal establishment and partnerships. It also introduces “resilience” as a new paradigm, signaling that this once abstract concept is now recognized as fundamental to ensuring a solid defensive and operational digital posture.
Despite this validation, many will still recoil from the term, because overuse by security vendors has muddied its meaning. Security leaders, however, can no longer afford to view it through a skeptical lens. Now that it is part of the government’s vision for the future of cybersecurity, a “resilience standard” will likely soon be both introduced and mandated.
Within the context of the White House’s vision, defining and implementing resilience is straightforward. Simply stated, it means an organization can bounce back quickly from disruption to its digital operations. Practically, it can be described as a model that prepares people, identifies technologies, focuses on recovery and establishes partnerships in order to reduce the negative impact that threats, complexity and vulnerable technologies have on public and private sector organizations. Within this simplified framework, any security and risk leader can direct investments that establish resilience across all four areas. To build resilience into the organization, start with basic steps in each of them: people, technology, recovery and partnerships.
Whether through malicious, negligent or ill-informed actions, almost all security and compliance incidents trace back to people. When investigations are complete, the problem typically points to someone who stole sensitive corporate data, accidentally clicked a malicious link, lost a device, hesitated to deploy a patch that might cause disruption, or could not tolerate a security-related delay to their line of business (LOB). All of these situations can be mitigated through resilient practices for managing people.
Organizations can start by making certain they have strong zero trust and identity policies in place that restrict workers’ access to only the data and applications they need to do their jobs.
Continue to train and test anyone who has access to your organization’s applications and data. Prepare them to recognize suspicious activity, and make it easy for them to report it internally.
Maintain a digital tether to all devices used to access your networks, software and information. Every year millions of endpoint devices go missing or unaccounted for; with a persistent connection that cannot be removed from the device, they can be controlled and protected no matter where they are.
Make sure that LOB leaders recognize that some delays are necessary to maintain effective security and to avoid unnecessary risk.
Technology is an area where many security and risk professionals become confused. Many solutions can legitimately claim to contribute to a resilient environment, but seldom does anyone verify how robustly their deployed security and compliance technologies actually operate. Organizations may have EDR, EPP, ZTNA, UEM and other critical endpoint applications deployed. What good are they if they aren’t operating as expected?
Absolute data, pulled from the millions of active endpoints using the platform, shows that most ISVs’ agents operate well below the level of efficacy needed to detect and defend against malicious and accidental threats. It is often assumed this is due to software flaws, which is sometimes true.
Just as often, though, agents fail to operate correctly for other reasons. They can be turned off, hampered by technical complexity, broken by malfunctioning configuration management and patching tools, or starved of limited computing resources.
To ensure that the most critical applications and devices run as needed, implement a tamper-resistant layer that monitors and reports on application and device health, and that can self-heal both should anything go wrong.
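As an added example (not the article’s or Absolute’s code) of what verifying agent robustness looks like in practice, the Python below classifies constructed agent telemetry records against the failure modes just listed (agent disabled or not running, version drift from a broken patching tool, stale heartbeat, resource starvation), maps each to a self-healing action, and computes the fleet’s degraded percentage. The record fields, thresholds, pinned versions and sample hosts are all assumptions for illustration.

```python
"""Fleet-level endpoint agent health check.

Added example, not vendor code. Field names, thresholds, version pins
and the sample telemetry below are assumptions, not values from the article.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds.
MAX_HEARTBEAT_AGE = timedelta(hours=24)   # running but silent longer than this = degraded
MAX_HOST_CPU_PCT = 90.0                   # host pegged this hard starves the agent
EXPECTED_VERSIONS = {"edr": "7.4.2", "ztna": "3.1.0", "uem": "12.0.5"}  # pinned builds


@dataclass
class AgentRecord:
    host: str
    agent: str               # "edr", "ztna" or "uem"
    version: str
    service_enabled: bool    # service/daemon enabled in the OS
    process_running: bool    # process actually present
    last_heartbeat: datetime
    host_cpu_pct: float      # average host CPU over the reporting window


def classify(rec: AgentRecord, now: datetime) -> str:
    """Return 'healthy' or the most severe failure mode observed, checked in order."""
    if not rec.service_enabled:
        return "disabled"            # turned off by a user or a broken policy push
    if not rec.process_running:
        return "not_running"         # enabled but crashed or blocked
    if rec.version != EXPECTED_VERSIONS.get(rec.agent):
        return "version_drift"       # patching tool did not deliver the pinned build
    if now - rec.last_heartbeat > MAX_HEARTBEAT_AGE:
        return "stale_heartbeat"     # running but not reporting (connectivity/config)
    if rec.host_cpu_pct >= MAX_HOST_CPU_PCT:
        return "resource_starved"    # competing for limited compute
    return "healthy"


def remediation(state: str) -> str:
    """Self-healing action an automation layer should take for each failure mode."""
    return {
        "healthy": "none",
        "disabled": "re-enable service and raise a tamper alert",
        "not_running": "restart process; escalate if it dies again within 1h",
        "version_drift": "re-trigger pinned install via the patch tool",
        "stale_heartbeat": "verify network path and re-register agent",
        "resource_starved": "investigate host load; reserve CPU for the agent",
    }[state]


def fleet_report(records, now):
    """Counts per failure mode plus the degraded percentage practitioners quote."""
    counts = {}
    for rec in records:
        state = classify(rec, now)
        counts[state] = counts.get(state, 0) + 1
    total = len(records)
    degraded = total - counts.get("healthy", 0)
    pct = round(100.0 * degraded / total, 1) if total else 0.0
    return {"counts": counts, "degraded_pct": pct}


NOW = datetime(2023, 3, 10, 12, 0, tzinfo=timezone.utc)
# Constructed sample telemetry; these are not real hosts.
SAMPLE = [
    AgentRecord("ws-001", "edr", "7.4.2", True, True, NOW - timedelta(minutes=5), 35.0),
    AgentRecord("ws-002", "edr", "7.4.2", False, False, NOW - timedelta(days=3), 20.0),
    AgentRecord("ws-003", "edr", "7.3.9", True, True, NOW - timedelta(minutes=9), 40.0),
    AgentRecord("ws-004", "ztna", "3.1.0", True, True, NOW - timedelta(days=2), 30.0),
    AgentRecord("ws-005", "uem", "12.0.5", True, True, NOW - timedelta(minutes=1), 97.0),
    AgentRecord("ws-006", "uem", "12.0.5", True, False, NOW - timedelta(hours=2), 25.0),
    AgentRecord("ws-007", "ztna", "3.1.0", True, True, NOW - timedelta(minutes=3), 50.0),
    AgentRecord("ws-008", "edr", "7.4.2", True, True, NOW - timedelta(minutes=12), 45.0),
]

if __name__ == "__main__":
    print(fleet_report(SAMPLE, NOW))
    for rec in SAMPLE:
        state = classify(rec, NOW)
        if state != "healthy":
            print(f"{rec.host}/{rec.agent}: {state} -> {remediation(state)}")
```

The checks are ordered so that the root cause nearest the OS (a disabled service) wins over downstream symptoms (a stale heartbeat); a real deployment would feed the same rules from EDR/UEM console exports or a device-inventory API rather than the constructed records above.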
According to recent reports, organizations take anywhere from several days to, in some cases, just under a year to recover from a broad range of cyber incidents. It is important to remember that threats and attacks are not the only events that disrupt the normal course of business. Technical complexity also interferes with operations in the short and long term, and it has contributed to disruptions of varying lengths in data centers, clouds and on endpoints for decades.
Such disruptions won’t end anytime soon. As the world becomes increasingly digital and mobile, remote work will add challenges and uncontrollable variables. Both IT and security will have to contend with technology and factors that workers increasingly rely on for work but that the organization does not control, including who owns the device and the network, and the availability and performance of cellular networks and home and public WiFi.
Without the ability to shorten the time it takes to “snap back,” there is no resilience. In addition to deploying a reasonable set of security, business and management tools, be sure to invest in solutions that monitor and repair software and hardware in the face of disruptions driven by threats and complexity. In many cases, you may already be sitting on capabilities that can help you achieve this goal. Ask your existing vendors how they can help keep your endpoint agents healthy, your network connections secure and optimized, and your cloud workloads available. You may uncover capabilities you are already paying for.
Accountability is a key theme woven into the National Cybersecurity Strategy. The idea shifts much of the security burden away from victim organizations and onto solution providers. However, no one should lose sight of the fact that to build a more resilient future, everyone will have to assume a share of responsibility for creating better hardware and software that is easier to manage, increasingly interoperable, and more resistant to attacks, complexity and tampering.
This doesn’t mean that providers must abandon their expertise and develop an entirely new product direction.
Take EDR, for example. Over the past several years, it has risen to become a preferred first line of defense against malware attacks on endpoints. Like all cybersecurity technologies, it has evolved with the help of talent, innovations such as AI and machine learning, and experience. Suppliers will have to keep improving their own products with better code, patching and new features to fight evolving threats. To stay focused on that core competency, however, they can turn to partners better equipped to support resilience across the varied environments and multiple operating systems they deploy on.
The Resilience Awakening
The White House isn’t the only entity waking up to the need to extend resilience across all levels of cybersecurity and IT. Security and risk professionals openly point out that between 5% and 25% of agents are degraded at any given time. Even news outlets are beginning to devote more attention to it.
No single member of the cybersecurity or IT vendor landscape can deliver resilience as an off-the-shelf commodity. Vendors, enterprises and governments will have to work together in partnership for any measurable and effective level to be reached. This new development out of DC, and the broader acknowledgement of resilience as critical to the future of business, is an encouraging step in the right direction.