The first Panda Security Summit (#PASS2018), which brought the CIOs and CISOs of European companies to Madrid on May 18, served to underscore the concept of cyber-resilience as a key trend in the current cybersecurity environment. But what do we mean when we talk about how important it is for a company to be cyber resilient?
Being resilient is a must
A cyber-resilient company is one that can prevent, detect, contain, and recover from a cyberattack, minimizing exposure time and the impact of countless serious threats against data, applications and IT infrastructure. This is how the latest Panda Security report, presented at #PASS2018, defines it: ‘Cyber-resilience: the key to business security’.
Until recently, financial companies and governments were the main targets of cyberattacks. Nowadays, companies of every size and sector depend to a greater or lesser extent on the Internet to carry out their business and, as a consequence, the threat has become universal. As these dangers increase, the current approaches to maintaining cyber-resilience are no longer enough. Cybersecurity management needs an in-depth review with new security models.
To do this, companies must adopt a new, comprehensive, strategic, and persistent stance, with a new approach to their security program that can provide protection without imposing undue restrictions on their business. This new stance must be based on strengthening preventative defenses, accepting that these defenses can be overcome by the attackers, or that the attackers may already be present within the organization. In fact, malware concealment and new technologies to penetrate defenses are allowing threats to stay on corporate networks for long periods without being detected.
How to adopt a cyber-resilient stance in your company
Cybersecurity must be treated as a corporate risk management problem, and not as a purely IT based problem. To manage this, companies need to carry out tasks like prioritizing the most valuable assets in the organization, finding out the most relevant threats and adversaries, adopting an ongoing crisis stance, or continually implementing initiatives to minimize risks.
The organization’s processes, technologies, tools, and security services must be reviewed and adjusted as threats evolve, as part of a continuous improvement process based on wariness. Being resilient means that this adaptation needs to be carried out as fast as possible, or even in real time. It’s also necessary to create a full register of all assets, from data to applications, and monitor all actions that are carried out with them.
Cyber-resilient companies also have to assume that, sooner or later, they will be compromised by a cyberattack. To correctly manage their cybersecurity, organizations need to understand and adopt the ‘cycle of resilience’, whose key phases are:
- In the pre-incident phase, they will have to do so through the ability to better prevent and resist threats, making use of advanced cybersecurity technologies that can detect known and unknown, or zero-day malware.
- During the incident, the resilient attitude is implemented by quickly reacting to sudden threats with detection, containment, and response. For this, it’s necessary to make the most of the new paradigms that are arising as a result of the monitoring and visibility capabilities that Endpoint Detection and Response (EDR) solutions provide.
- The post-incident phase is developed by absorbing impacts while strategic security objectives are still met and the operative environment is reconstructed, in such a way that future sources of threats are eliminated.
When it comes to minimizing the impact on business, the time that passes between a breach and its discovery, is the decisive factor in the overall cost of the incident In this sense, monitoring, visibility of what happens on endpoints, and technologies that allow the detection and investigation process to be automated, such as Panda Adaptive Defense, drastically reduce this time.
Longer response times for more severe incidents
The report also reflects the fact that the increase in the volume and severity of cybersecurity incidents detected by a majority of companies –64% and 65% respectively–, has meant an increase in detection and response times in 57% of cases.
What’s more, it identifies as highly cyber-resilient companies that have robust cyberattack prevention (72%), detection (68%), containment (61%) and response (67%) systems. Another distinctive feature of these companies is that they have in place a Computer Security Incident Response Plan (CSIRP), with professionals specialized in its application (91%), and are led by managers who understand that high cyber-resilience is directly related to economic growth (63%) and the company’s reputation (69%).
The growing number of threats, and the more sophisticated nature of attacks pose a challenge for companies’ cybersecurity, compelling them to review their cybersecurity program to make their organization cyber-resilient. At Panda Security, we have at our disposal the latest technology as well as the most highly skilled team of experts to help your company to achieve this goal, with a new security model that has all the answers.