Attacks are inevitable so the key is to minimize losses
UTICA, N.Y. — A growing mindset in the world of cybersecurity is cybersecurity resilience, which is the idea that hacks are inevitable, so businesses need to figure out how to remain operational when those hacks happen.
According to the National Institute of Standards and Technology (NIST), cybersecurity resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
“Cybersecurity is in the headlines every day,” says Alex MacDiarmid, director of advanced programs at Quanterion Solutions, Inc. in Utica. That resilience element is all about how a business can continue to perform its essential functions if and when a cyber attack happens.
It’s almost impossible to develop a cybersecurity plan that prevents all attacks, says Cully Patch, senior program manager for cybersecurity and intelligence at Quanterion. That’s because the functionality of a system is inversely connected to its security. In other words, the more secure a system is, the less functional it is.
Businesses need to find that sweet spot in between, he says, where systems are well protected but are still functional enough for employees to do their jobs. They also need to fine-tune their resilience plan, he adds.
In the ever-growing digital age, a resilience plan really is crucial. According to Quanterion, there are 14.4 billion active “internet of things” devices, with that number growing about 18 percent annually. Internet of things means devices with sensors, processing ability, software, or some form of technology that connects them to the internet or another communication network. This can include anything from machinery in a factory or hospital to smartwatches and other wearables and, of course, the phones and computers we use in our everyday personal and work lives.
Ransomware remains a popular choice for hackers going after businesses. The workday is humming along and all of a sudden, a message pops up on computer after computer on the business’ network. Hackers have control of the network — and all the data and programs on it — effectively grinding business to a halt.
That’s where the resilience plan comes into play, MacDiarmid says. Many times, companies just pay the ransom. “The bad thing about all that is even if you pay the ransom ... it doesn’t unlock as fast as it locks,” he notes. Plus, the business is out the ransom money.
Other downsides of being the victim of a cyber attack can include damage to the business reputation, loss of revenue, and even fines in some cases, MacDiarmid notes.
One example of resilience that’s a better solution, he says, is having routine backups to which the company can revert. Rather than pay the hackers, the company can simply revert to the most recent backup. Some work may be lost, but the business isn’t at the mercy of hackers and can continue to operate.
Another option is to separate business systems so they can operate independently from each other, MacDiarmid adds. That way, if one area is compromised, the rest of the business can continue to function.
In order to produce a plan for resiliency, there are five key cyber functions that come into play, MacDiarmid says. They are identify, protect, detect, respond, and recover.
Within those functions are basic things such as strong antivirus programs, company protocols regarding passwords, and good cyber hygiene practices (keeping software up to date, removing outdated users, etc.) as well as more-advanced actions such as monitoring network activity for anomalies, diagramming the network, and developing an incident response plan for distinct types of incidents, Patch and MacDiarmid say.
NIST’s Small Business Cybersecurity Corner offers a number of planning tools to assist businesses that may not have an in-house cybersecurity person or the means to employ an outside firm.