Strategies for Learning from Failure: Cyber Resilience

One of the best ways to help your customer is to change their mindset from “if we’re attacked” to “when we’re attacked.”

Phillip Privett, SVP, Vendor Management, Advanced Solutions

October 29, 2024


In 2024, the average cost of a data breach increased 10% over the previous year, reaching USD 4.88 million, according to IBM’s 2024 Cost of a Data Breach report.

This number is not surprising to those of us working in cybersecurity: No system is foolproof. All organizations, no matter how well they are safeguarded, will eventually get hacked. As a cyber leader, you know that it’s not about if an attack will happen — it’s about when.

The reality is that breaches will still occur. Prevention is important, but resilience, the ability to recover quickly and thoroughly, is what minimizes the blast radius when prevention fails.

The Strategy for Resilience

One of the best ways to help your customer is to change their mindset from “if we’re attacked” to “when we’re attacked.” Helping them assess their risk and then building a plan that presumes an attack is imminent ensures that they’ll have the tool set to quickly identify, respond to and recover from a cyberattack when it occurs — and makes it possible for business operations to continue even in the face of a potential disruption. That is the basis of cyber resilience.

Steps for Building Cyber Resilience

Building resilience is key for organizations to protect against and recover from breaches. Here are some pragmatic steps to bolster resilience:


1. Identify assets and perform a risk assessment. It’s important to understand what assets your customer has, who is responsible for each one and how critical they are to their organization. A cyber resilience plan is built on a solid assessment of the risks your customer’s organization is most likely to experience.

2. Develop a strategy. A cyber resilience strategy helps your customer to prepare for, respond to and quickly recover from cyberattacks and continue business operations with minimal disruption to workflow and processes.

3. Create policies and procedures. For processes and technology to be an effective part of a cyber resilience program, governance is required.

4. Implement security controls. These are the security controls that all organizations should have at a minimum for cyber resilience:

  • Multifactor authentication (MFA) for remote access and privileged or admin access.

  • Email filtering and web security.

  • Secured, encrypted and tested backups.

  • Privileged access management (PAM).

  • Endpoint detection and response (EDR).

  • Patch management/vulnerability management.

5. Deliver training and awareness programs. Educating employees about cyber risks and best practices while developing a culture of cybersecurity awareness is essential to a cyber resilience program.


6. Run simulations and drills. These exercises simulate real-world incidents in a controlled environment, which enables your customer to test their incident response (IR), evaluate team coordination and identify vulnerabilities.

Unfortunately, “perfect protection” against an attack is impossible. Organizations that focus only on prevention are setting themselves up for failure. No individual, organization or government has the necessary resources to ensure that they’ll never get hacked. It’s essential to gain the skills and knowledge you need to equip your organization with the agility to prevent, withstand and recover from attacks.


About the Author

Phillip Privett

SVP, Vendor Management, Advanced Solutions, TD Synnex

Phillip Privett was named senior vice president, vendor management in December 2022. He currently leads the Advanced Solutions Modern Infrastructure Vendor Management teams for TD Synnex. Previously, Privett held the vendor solutions leadership role for IBM and Red Hat since November 2020 to help TD Synnex lead its IBM and Red Hat strategy for North America, and added Cohesity in July 2023. Privett's extensive background in vendor relationship management, marketing, sales effectiveness, solutions design and architecture, and services delivery is key to continuing TD Synnex’s evolution to solution aggregation and orchestration.
