Strategies for Learning from Failure: Cyber Resilience
One of the best ways to help your customer is to change their mindset from “if we’re attacked” to “when we’re attacked.”
In 2024, the average cost of a data breach increased 10% over the previous year, reaching USD 4.88 million, according to IBM’s 2024 Cost of a Data Breach report.
This number is not surprising to those of us working in cybersecurity: No system is foolproof. All organizations, no matter how well they are safeguarded, will eventually get hacked. As a cyber leader, you know that it’s not about if an attack will happen — it’s about when.
The reality is that breaches will still occur. Prevention is important, but resilience, the ability to recover quickly and thoroughly, is what minimizes the blast radius when prevention fails.
The Strategy for Resilience
One of the best ways to help your customer is to change their mindset from “if we’re attacked” to “when we’re attacked.” Helping them assess their risk and then building a plan that presumes an attack is imminent ensures that they’ll have the tool set to quickly identify, respond and recover from a cyberattack when it occurs — and makes it possible for business operations to continue even in the face of a potential disruption. That is the basis of cyber resilience.
Steps for Building Cyber Resilience
Building resilience is key for organizations to protect against and recover from breaches. Here are some pragmatic steps to bolster resilience:
1. Identify assets and perform a risk assessment. It’s important to understand what assets your customer has, who is responsible for each one and how critical they are to their organization. A cyber resilience plan is built on a solid assessment of the risks your customer’s organization is most likely to experience.
2. Develop a strategy. A cyber resilience strategy helps your customer to prepare for, respond to and quickly recover from cyberattacks and continue business operations with minimal disruption to workflow and processes.
3. Create policies and procedures. For processes and technology to be an effective part of a cyber resilience program, governance is required.
4. Implement security controls. These are the security controls that all organizations should have at a minimum for cyber resilience:
Multifactor authentication (MFA) for remote access and privileged or admin access.
Email filtering and web security.
Secured, encrypted and tested backups.
Privileged access management (PAM).
Endpoint detection and response (EDR).
Patch management/vulnerability management.
5. Deliver training and awareness programs. Educating employees about cyber risks and best practices while developing a culture of cybersecurity awareness is essential to a cyber resilience program.
6. Run simulations and drills. These exercises simulate real-world incidents in a controlled environment, which enables your customer to test their incident response (IR) plan, evaluate team coordination and identify vulnerabilities.
Unfortunately, “perfect protection” against an attack is impossible. Organizations that focus only on prevention are setting themselves up for failure. No individual, organization or government has the necessary resources to ensure that they’ll never get hacked. It’s essential to gain the skills and knowledge you need to equip your organization with the agility to prevent, withstand and recover from attacks.