Introduction
Cyber resilience refers to the capacity of someone to be ready for, react to, and recuperate from controls like security questionnaires and penetration testing are incapable of guaranteeing enough cyber security. The purpose of cyber resilience is to preserve one's capacity to deliver goods and services at all times (Ross, 2019). This can include times of data breaches and cyberattacks, while still managing to operate perfectly. An organization is cyber resilient when it is able to protect itself from cyber threats, has adequate cybersecurity risk management, and can assure other organizations that it is able to carry on during and after a cyberattack (Björck, 2015).
Cyber resilience and attack surface management have emerged in the past few years since traditional security the capacity to return things to normal and also to continuously modify and change techniques on an as-needed basis even when the normal techniques have failed, such as in times of crisis or after a security breach (Mailloux, 2016).
Importance of Cyber Resilience
Cyber resilience is significant because traditional security techniques are inadequate to ensure sufficient data, network, and information security (Linkov et al., 2013). In fact, most Chief Information Security Officers (CISOs) and Information Technology (IT) security teams now think that attackers will one day gain unauthorized access to their companies (Kort and Rudina, 2004). Adverse cyber events negatively affect the integrity, availability, and confidentiality of organizations every day. These events may be unintentional or intentional, and may be caused by nature, humans, or both.
There are four components of a successful cyber resilience strategy:
Protect and manage: This requires building the capacity to identify, assess, and manage cyber risks related to information and network systems, including those across third- and fourth-party vendors (Ross et al., 2018).
Detect and identify: This involves using attack surface management and continuous security monitoring to detect anomalies and potential data leaks and breaches before any major damage occurs (Mailloux, Beach, and Span, 2018).
Recover and respond: This requires adequate incident response planning to make sure the business keeps going even when the organization is hit by a cyberattack (Jensen, 2015).
Govern and assure: The last element is to make sure that the organization's cyber resilience program is overseen and followed closely from the highest level of the organization as part of business as usual (Choras, 2015).
How Cyber Resilience Works
When a cyber resilience strategy is put into practice, it needs to be viewed as a countermeasure against misconfiguration, human error, and loopholes in hardware and software (Ross, 2019). The aim of cyber resilience is therefore to safeguard the company while acknowledging that there are likely to be unprotected parts, even if the security controls are robust. The components of any cyber resilience strategy comprise:
Recoverability: An organization needs to return quickly to normal business after a security breach. In general, this means that the organization has data backups and infrastructure redundancies across all its operations in case of an attack (Galinec and Steingartner, 2017).
Threat protection: The criminals behind cyberattacks advance in lockstep with security controls. What were once perceived as state-of-the-art controls are now the minimum requirement for securing an organization (Khan and Estay, 2015).
Durability: The durability of an organization is its ability to work effectively after a security breach (Tiirmaa-Klaar, 2016). An organization's cyber resilience improves with system improvements, attack surface management, vulnerability management, and configuration management.
Adaptability: It is paramount for organizations to adapt as they plan to grow. The organization needs to learn the new tricks used by cyber attackers (Goldman, McQuaid, and Picciotto, 2011).
Benefits of Cyber Resilience
Cyber resilience strategies provide a range of benefits before and after cyberattacks. They include:
Legal and regulatory compliance: Cyber resilience is a requirement in numerous industries. For instance, the Federal Information Security Management Act (FISMA) sets out a system for controlling data privacy that must be followed by all data systems operated or used in the U.S. legislative or executive branches (Tendulkar, 2013).
A better IT team: Among the underemphasized benefits of cyber resilience is that it improves the IT department's operations every day (Herrington and Aldrich, 2013). An IT team that is used to cyberattacks increases its ability to fight the threat.
Reduced financial loss: However good a company's security is, there is no immunity to misconfiguration and cyberattacks. Millions of dollars are lost yearly due to data breaches, an amount capable of killing small and medium-sized organizations (Williams and Manheke, 2010).
Improved internal processes and work culture: Each employee in the cyber resilience team has a duty to fulfil in safeguarding the organization's sensitive data and responding quickly to attacks (Linkov and Kott, 2019). If they are empowered to act with seriousness, sensitive assets and data are safe.
Enhanced systems security: Through cyber resilience, the organization is able to create tactics to boost safety, improve IT governance, and secure critical assets (Hult and Sivanesan, 2014).
Increased vendor and customer trust: Trust is a two-way street, and it is critical that an institution adopts cyber resilience strategies before demanding the same from vendors. Effective cyber resilience builds a strong reputation with vendors and customers (Herrington and Aldrich, 2013).
Conclusion
In conclusion, cyber resilience helps organizations to be ready for the criminals at all times. Cyberattacks are like a disease to a human being: one can be healthy today and lying in hospital tomorrow. Organizations need the best people they can afford and the best response to prevent large damages. If an organization is always one step ahead of the attacker, it lowers its chances of being beaten.
References
Björck, F., Henkel, M., Stirna, J. and Zdravkovic, J., 2015. Cyber resilience–fundamentals for a definition. In New contributions in information systems and technologies (pp. 311-316). Springer, Cham.
Choras, M., Kozik, R., Bruna, M.P.T., Yautsiukhin, A., Churchill, A., Maciejewska, I., Eguinoa, I. and Jomni, A., 2015, August. Comprehensive approach to increase cyber security and resilience. In 2015 10th International Conference on Availability, Reliability and Security (pp. 686-692). IEEE.
Galinec, D. and Steingartner, W., 2017, November. Combining cybersecurity and cyber defense to achieve cyber resilience. In 2017 IEEE 14th International Scientific Conference on Informatics (pp. 87-93). IEEE.
Goldman, H., McQuaid, R. and Picciotto, J., 2011, November. Cyber resilience for mission assurance. In 2011 IEEE International Conference on Technologies for Homeland Security (HST) (pp. 236-241). IEEE.
Herrington, L. and Aldrich, R., 2013. The future of cyber-resilience in an age of global complexity. Politics, 33(4), pp.299-310.
Hult, F. and Sivanesan, G., 2014. What good cyber resilience looks like. Journal of business continuity & emergency planning, 7(2), pp.112-125.
Jensen, L., 2015. Challenges in maritime cyber-resilience. Technology Innovation Management Review, 5(4), p.35.
Khan, O. and Estay, D.A.S., 2015. Supply chain cyber-resilience: Creating an agenda for future research. Technology Innovation Management Review, (April), pp.6-12.
Kort, S. and Rudina, E., 2004. The resilience model supporting IIoT system trustworthiness. Computing, 1(1).
Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J. and Kott, A., 2013. Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), pp.471-476.
Linkov, I. and Kott, A., 2019. Fundamental concepts of cyber resilience: Introduction and overview. In Cyber resilience of systems and networks (pp. 1-25). Springer, Cham.
Mailloux, L.O., McEvilley, M.A., Khou, S. and Pecarina, J.M., 2016. Putting the "Systems" in Security Engineering: An Examination of NIST Special Publication 800-160. IEEE Security & Privacy, 14(4), pp.76-80.
Mailloux, L.O., Beach, P.M. and Span, M.T., 2018, April. Examination of security design principles from NIST SP 800-160. In 2018 Annual IEEE International Systems Conference (SysCon) (pp. 1-8). IEEE.
Ross, R., Pillitteri, V., Graubart, R., Bodeau, D. and McQuaid, R., 2019. Developing cyber resilient systems: a systems security engineering approach (No. NIST Special Publication (SP) 800-160 Vol. 2 (Draft)). National Institute of Standards and Technology.
Ross, R., Graubart, R., Bodeau, D. and McQuaid, R., 2018. Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems (No. NIST Special Publication (SP) 800-160 Vol. 2 (Draft)). National Institute of Standards and Technology.
Tendulkar, R., 2013. Cyber-crime, securities markets and systemic risk. CFA Digest, 43(4), pp.35-43.
Tiirmaa-Klaar, H., 2016. Building national cyber resilience and protecting critical information infrastructure. Journal of Cyber Policy, 1(1), pp.94-106.
Williams, P.A. and Manheke, R.J., 2010. Small Business-A Cyber Resilience Vulnerability.
Cite this page
Organizational Cyber Resilience: Protecting Against Data Breaches and Cyberattacks - Essay Sample. (2023, Aug 16). Retrieved from https://proessays.net/essays/organizational-cyber-resilience-protecting-against-data-breaches-and-cyberattacks-essay-sample