Unit 5.2. From Cyber-Security to Cyber-Resilience

What is Cybersecurity?

In the literature, cybersecurity includes various concepts, from information security to operational and computer system security. The term “cybersecurity” generally refers to a set of methods, procedures, and practices developed to safeguard computers, networks, programs, assets, and property rights from illegal access or exploitation-focused attacks.

The concept of cybersecurity varies depending on the audience. For individuals, this concept means a sense of security and protection of personal data and privacy. For organizations, cybersecurity means ensuring the availability of critical business operations and protecting sensitive data through operational and information security. For governments, this entails safeguarding citizens, institutions, key infrastructure, and computer systems from attacks or data theft.

Although there are several definitions, cybersecurity generally refers to a wide range of resources and activities that help individuals, organizations, and governments accomplish their computing objectives in a secure, private, and dependable manner. In short, cybersecurity combines many protocols that companies or users follow to guarantee that the information they use retains its “CIA”: confidentiality, integrity and availability (Von Solms & Van Niekerk, 2013: 98).

Cybersecurity is the protection of systems, networks, and programs against digital attacks. The use of technologies, methods, and controls to defend against cyberattacks on systems, programs, networks, devices, and data is known as cybersecurity. Its purpose is to guard against the unauthorized use of technologies, networks, and systems and decrease the risk of cyberattacks.

Cybersecurity is the protection of computers, mobile devices, servers, networks, electronic systems and data against malicious attacks. It is commonly referred to as IT security or electronic information security. The term is used in a lot of different contexts, from business to mobile computing, but there are a few common groups.

Why is cybersecurity important?

Cybersecurity breaches are becoming increasingly expensive.

Companies affected by a cyber security breach can face heavy penalties. There are non-financial costs such as reputational harm that must be taken into consideration.

Cybersecurity is an important and widespread issue

New legislation and reporting requirements make it more difficult to monitor cybersecurity risks. This requires management to ensure that the board’s cyber risk strategies decrease the risk of attacks and limit the financial and operational impacts.

Cyber-attacks are becoming more advanced or sophisticated

Cyberattacks are getting increasingly sophisticated, and attackers are employing a wider range of strategies. These include ransomware, malware, and social engineering.

Cybercrime is a lucrative business.

Based on Vanson Bourne’s data, a 2020 study by McAfee and the CSIS estimates that cybercrime costs the global economy more than $1 trillion annually. Attackers can also be motivated by political, ethical, and social incentives.

The Five Types of Cybersecurity

1. Cybersecurity of critical infrastructure
Because SCADA (supervisory control and data acquisition) systems frequently depend on outdated software, critical infrastructure organizations are frequently more susceptible to attacks than other types of organizations.
2. Network security
Network security includes fixing vulnerabilities in your operating systems, network architecture, servers and hosts, firewalls, wireless access points, and network protocols.
3. Cloud Security
Cloud security is associated with protecting data, applications, and infrastructure in the cloud.
4. Internet of Things (IoT) security
Security for the Internet of Things (IoT) entails protecting smart devices and networks that are connected to the IoT. IoT devices are things that connect to the Internet with no human interference, like smart lights, thermostats, and fire alarms.
5. Application Security
Application security means handling vulnerabilities that originate as a result of insecure development procedures while designing, coding, and bringing out software or websites.

The Key Difference Between Cyber Resilience and Cybersecurity

Cybersecurity refers to the techniques and procedures used to protect electronic data. It involves identifying and locating data as well as implementing technology and business methods to secure it.
Cyber resilience is the capacity of your company to survive or promptly recover from cyber incidents that interfere with regular business activities.
To fully differentiate these two concepts, it is quite essential to understand the two kinds of cyber-attacks that organizations can fall victim to:
• A data breach, in which a hacker or nation-state steals sensitive information.
• A malicious activity like ransomware or a denial-of-service attack that takes your company offline or makes it hard to run your business normally.

In a nutshell, cybersecurity is the capacity of a business to ward off and mitigate the growing threat posed by cybercrime. In contrast, a company’s cyber resilience is its capacity to avert damage (to its systems, procedures, and reputation) and continue operations after data or systems are compromised. The concept of cyber resilience encompasses both adversarial threats (like hackers and other malicious actors) and non-adversarial threats (like simple human error).

One way to look at the difference is that cyber resilience means accepting the fact that no cybersecurity solution is perfect or can protect against all cyber threats. Because of this, every business requires both aspects. The goal of the cybersecurity strategy is to prevent attacks from getting through. However, the cyber resilience strategy is in place to minimize the impact when they inevitably do.

Cybersecurity in Practice

Practical cybersecurity measures may be more obvious than cyber resilience measures. Cybersecurity includes ensuring at least that:

  • The most recent firmware is running on each of your devices.
  • Anti-virus/malware protection and firewalls are up to date and working properly.
  • The latest patches have been applied to all tools and software.
  • All staff members at all levels of the company are educated about potential threats and the ways in which their actions contribute to the organization’s defense.

Cyber Resilience in Practice

Cyber resilience measures will differ from company to company, but a good starting point is to identify where cyber incidents and events are likely to disrupt business the most.

Listing where your operation relies on technology and where sensitive and valuable data is stored and used will give you a complete picture of how service continuity may be affected.

This is where the idea of a “digital twin” can play a significant role in ensuring cyber resilience. You can gain a better understanding of the impact on total output and efficiency by using a digital, simulated model of your company or its procedures.
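
The listing and simulation idea described above can be tried on a very small scale. The following is an added example, not part of the original unit: it models which systems rely on which, "fails" one asset at a time, and ranks assets by the estimated business impact. All asset names, dependencies and loss figures are constructed for illustration.

```python
from collections import deque

# Constructed sample model: asset -> assets it directly depends on.
DEPENDS_ON = {
    "web_shop": ["app_server", "payment_gateway"],
    "app_server": ["customer_db", "identity_provider"],
    "invoicing": ["customer_db", "file_server"],
    "email": ["identity_provider"],
    "customer_db": [],
    "identity_provider": [],
    "payment_gateway": [],
    "file_server": [],
}
# Constructed figures: revenue lost per hour when a business service is down.
HOURLY_LOSS = {"web_shop": 1200, "invoicing": 300, "email": 150}

def affected_by(failed, depends_on=DEPENDS_ON):
    """Return every asset that stops working when `failed` goes down."""
    # Invert the edges: for each asset, list who relies on it directly.
    dependents = {a: [] for a in depends_on}
    for asset, deps in depends_on.items():
        for dep in deps:
            dependents[dep].append(asset)
    down, queue = {failed}, deque([failed])
    while queue:  # breadth-first walk up the dependency chain
        for parent in dependents[queue.popleft()]:
            if parent not in down:
                down.add(parent)
                queue.append(parent)
    return down

def outage_cost(failed, hours, hourly_loss=HOURLY_LOSS):
    """Estimated loss if `failed` is unavailable for `hours`."""
    return hours * sum(hourly_loss.get(a, 0) for a in affected_by(failed))

def rank_assets(hours=8):
    """Rank all assets by the business impact of losing each one."""
    costs = {a: outage_cost(a, hours) for a in DEPENDS_ON}
    return sorted(costs.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for asset, cost in rank_assets():
        print(f"{asset:18} {cost:>8}")
```

In this constructed model the back-end database and identity provider rank above the customer-facing shop itself, because several services fail with them; that is the kind of hidden dependency the listing exercise is meant to surface.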

Top 5 cybersecurity threats to manage

1. Malware

Despite a steady downturn over the past few years, malware remains one of the most prevalent forms of cybersecurity threats. The term is short for “malicious software,” and it is a broad category that encompasses programs and lines of code that cause damage or permit unauthorized access.

Malware can take many forms, including viruses, trojans, spyware, and ransomware. Its effects can be as insignificant as unwanted pop-ups on a computer or as dangerous as stealing sensitive files and transferring them to another location.

2. Phishing

Phishing targets human vulnerabilities whereas malware depends on technical factors to cause harm. In these attacks, people are lured into giving away sensitive information or clicking on something that will put malware on their devices. They frequently serve as the starting point for larger, more harmful attacks.

Phishing typically takes the form of emails in which cybercriminals impersonate authoritative figures or offer enticing information. These messages frequently play on people’s fears and desires, prompting them to act quickly and without thinking. For instance, many claim that the users have won prizes or broken the law.

3. Insider threats

While the majority of threats to cybersecurity originate from outside an organization, some of the most perilous originate within it. When a person with authorized access, like an employee, threatens a system, whether intentionally or not, this is considered an insider threat.

Several threats from insiders are not malicious. This occurs when an authorized user is the victim of phishing or posts on the wrong account by accident, putting a system in danger inadvertently. Others may act deliberately, such as dissatisfied ex-employees who take revenge on their former employer by installing malware on their computer.

4. Man-in-the-middle attacks

Man-in-the-middle (MITM) attacks are a type of eavesdropping in which cybercriminals intercept data as it travels between points. Rather than stealing it in the traditional sense, they copy this information so that it still reaches its intended destination. As a result, it might appear as though nothing took place.

Malware, fake websites, and even hacked Wi-Fi networks are all possible methods of MITM attacks. Despite the fact that they are less prevalent than others, they pose a danger due to their difficulty in detection. It is possible for a user to enter personal information into a compromised website form without noticing it until it is too late.

5. Botnets

Another common type of cybersecurity threat is botnets. These are networks of infected computers that allow threat actors to attack using multiple devices simultaneously. This usually manifests itself in the form of distributed denial-of-service (DDoS) attacks, in which criminals overload a system with requests and cause it to crash.

Cybersecurity Checklist

Shift from Cybersecurity to Cyber Resilience

Today’s businesses need to shift from a reactive to a proactive approach to cybersecurity. In order to accomplish this, we need to place a much greater emphasis on making systems resilient, which means being able to extract the necessary outcome from all systems in the face of adverse cyber events. Cyber resilience is all about getting ready for a challenge.

For a number of years, businesses have concentrated on developing layers of cybersecurity with the intention of detecting threats and facilitating prompt responses. Despite their value, these systems exhibit a perilous strategy: The bad guys set the pace of the action. They are powerful, and they always have the advantage.

The aim of cyber resilience is to address that. While it is significant to identify when a breach is occurring and reduce its impact, it is equally important to become more difficult to detect, attack and damage.

Since we are all working from home on networks with poor security and IT infrastructure over which we have less control due to the pandemic, this method of cybersecurity seems reasonable. A cyber-resilient company means IT resilience.

Businesses must develop resilience against a variety of calamities besides just pandemics. Any unforeseen incident, whether it’s a natural disaster, economic change, or any other thing, should be included in a comprehensive disaster recovery plan.

Such unforeseen circumstances present numerous opportunities for risk-based pivoting. Digital transformation is chief among them. The following four risk-based opportunities highlight the need to shift beyond cybersecurity to cyber resilience.

1. Strategic risks: These include business continuity, reputational risk, competition, legal insurance risks, and others. If these risks are not lessened in time, they can threaten the sustainability of the organization.

2. Financial risks: Financial risks are affected by regulatory agencies, tax complexity, and outsourcing of employees.

3. Operational risks: These involve organizational and digital functions, from the well-being of employees to AI and robotics. They may affect business procedures and everyone involved.

4. Remote work: An organization may be easily exposed to cyber threats as a result of this.

• Cybersecurity is responding to cyber-attacks, whereas cyber resilience is more about anticipating potential attacks.

• Cybersecurity relates to technologies and procedures aimed to safeguard computer systems, networks, and data against cyber risks.

Cybersecurity looks a bit like that wall. It centers more on stopping hackers from getting past the IT security wall. Although this stops most attacks, hackers can still find ways to break through this strong wall when the environment changes. In spite of all precautions, organizations can still be vulnerable to cyberattacks.

Building a cyber resilience program with an eye on cybersecurity

In the event of a cyberattack, backups are essential to data protection and can speed up the recovery of normal operations.

Think about this scenario: A sophisticated ransomware attack encrypts all of the data on your network. You must pay a ransom to the hackers or the encrypted data will be destroyed. If you keep regular and thorough backups of your data on a separate network, you can easily recover any deleted data, giving you a higher level of cyber resilience.

Your company’s cyber resilience approach and cybersecurity posture may be enhanced more successfully if you assume the mindset of “when, not if” your organization may encounter a cyberattack.

From escalating a possible security breach to notifying law enforcement, customers, and investors, running through the measures your company would take in the event of a cybersecurity incident will help everyone involved feel more confident and enhance cyber resilience.

Successful cybersecurity resilience and digital risk protection can only be accomplished when everyone is on the same page and understands how well your company is prepared to defend against cyber-attacks and resume business operations after an attack has been successful. This includes the board of directors of your organization.

Your cybersecurity and cyber resilience programs should not be considered one-time endeavours. Continuously strive to gain knowledge from your risk remediation, mitigation, and recovery efforts. For example, if you consistently receive alerts about vulnerabilities such as unpatched systems, you might want to re-examine your patching strategies and cadence.

Summary and key takeaways

  1. The practice of preventing digital attacks on programs, networks, and systems is known as cybersecurity.
  2. Cyber resilience is defined as your organization’s capacity to endure or promptly bounce back from a cyber-attack that interrupts regular business activities.
  3. In summary, cybersecurity is the ability of a business to shield against and mitigate the ever-increasing threat posed by cybercrime. Cyber resilience, meanwhile, refers to a company’s ability to avert damage (to its systems, procedures, and reputation) and continue operations after data or systems are compromised.

Check your understanding

Consider each of the following questions. If you are unsure of an answer, please check your reading to find the information you need before moving on to the next question.
  1. What is cyber security?
  2. What are the most important cybersecurity threats that SMEs must manage?
  3. What are the primary distinctions between cyber resilience and cybersecurity?