Failing To Have a Trust-Based Cyber Resilience Plan Is Planning To Fail
- By Sathish Murthy, Cohesity ASEAN & India
- January 31, 2024
Organizations now operate in a world increasingly defined by cyberattacks and data breaches, which are now a 'when' not 'if' reality, and one that will see security spending in the Asia-Pacific region increase by 16.7% by the end of 2023, according to IDC forecasts.
With the Singapore Police Force finding in its latest full-year report that cybercrime rose by 25% between 2021 and 2022, it is little wonder that business, IT, and Security leaders are looking to maximize their cybersecurity and data security investment.
However, there is more than just the increase in frequency and sophistication of cyberattacks or increasing investments for decision-makers to consider when beefing up their cybersecurity and data security capabilities.
Some organizations and their IT or security teams may have a heftier workload to keep up with these new requirements and standards, and compliance may be challenging.
However, this is why modern technology platforms that manage and secure data are vital, as these allow organizations to scale, simplify, and save on the costs of securing, managing, protecting, and backing up data. These platforms also provide organizations with visibility of the amount, types, and size of the data they hold, which is vital to compiling and adhering to these new standards or frameworks.
Quality, innovation, and price all factor into how an organization prioritizes acquiring and adopting technology capabilities that provide them with the best cybersecurity and data security for their requirements.
Equally, how data security and management capabilities support an organization in establishing or maintaining cyber resilience—the ability to maintain business continuity despite suffering an adverse cyber event—must also be a significant focus. If cyber resilience is not the priority outcome, an organization will struggle 'when' not 'if' a cyber incident occurs because all their eggs will have been in the basket of prevention and not more evenly distributed to response.
Different strokes for different folks
As with any strategic initiative, technology or otherwise, the objective of a cyber resilience strategy will drive the organization's approach. Often, organizations will follow specific routes or even multiple routes to building and implementing their cyber resilience strategy:
- Doing it themselves or the ‘DIY’ route: Some organizations will choose to build a cyber resilience solution, which will likely be composed of a mix of commercial and open-source solutions, and price may be an influence, too. While open-source software is a foundational aspect of many applications, it can be highly susceptible to security risks, specifically around the supply chain. This approach is problematic because you don’t know where the code is coming from, where you can get support for these tools, and who will be available to resolve issues when they arise. Understanding what is in your open-source code and how to manage the potential risks, so that you can identify security weaknesses and vulnerabilities, is vital with this approach—but the tradeoff is time and human resource investment that could be better spent on more mission-critical tasks.
- The ‘All in One’ route: Undoubtedly, if everything could be resolved by a single platform, that would be ideal, which is why organizations are drawn to a single, simple-to-use, scalable data security and protection solution. However, cybersecurity is a complex challenge requiring specialist capabilities across endpoints, perimeter, applications, and data. Having only a single platform risks a scenario of having a 'jack of all trades, but master of none' platform that is not the solution initially being sought. Instead, organizations should look for platforms that balance depth and capability with extensibility to other platforms, which cover other key security areas.
- The ‘Best of Breed’ route: Organizations should aim to use the best solutions from market leaders within their respective areas of technology capability, allowing for integration with other best-in-class solutions and for their IT and Security teams to collaborate. For example, Cohesity's platform helps organizations protect themselves against network compromise incidents by identifying malicious activity and alerting the organization to malicious changes to their data's size, format, duplication, or deletion. The benefit of having a cohesive and comprehensive security environment cannot be overstated because it allows organizations to achieve efficiencies in the good times and rally in the bad times. This customized, strategic approach provides depth and breadth within a security posture and helps establish or maintain cyber resilience.
Trust trumps all
There is certainly no silver bullet in cybersecurity and cyber resilience; however, starting with a well-designed, strategic plan that is implemented through an effective approach will define how an organization can respond to and recover from cyberattacks. All approaches have their tradeoffs; the DIY approach offers short- to medium-term cost savings but may provide fewer capabilities or less reliability, and the all-in-one approach means betting on one vendor to offer a superman-like offering. Still, organizations need breadth and depth in their capabilities. This is why a best-of-breed approach is ideal, as it helps provide assurances that organizations are getting the best solutions that balance capability, breadth, depth, and extensibility—and it's how Cohesity has gone about building our offering.
Organizations follow this approach considerately, conclusively, and assuredly by focusing on:
- Process: Your security organization has well-defined processes for monitoring, detection, response, and remediation. How well does a solution support these activities? Is it complementary to them? How does it enhance effectiveness?
- Alignment: The threat environment is constantly evolving, alongside changing business needs and developing technology trends. How will this potential investment keep pace, and is it extensible?
- Product: Will this solution allow for integrating tool chains between infrastructure and security? Will it facilitate automation, reduce or remove human error, and increase the fidelity of data insights?
- Services: Building a cyber resilience plan is vital to business continuity. It sits above any single silo of technology. Are there consultative partners that can help a business integrate and build capability to meet their needs?
- Incident collaboration: Data recovery and business continuity are everything when an incident occurs. Will this solution step up to the plate, and can you count on a team approach from your technology provider?
When an adverse cyber event occurs, a company’s business continuity, revenue, and brand are on the line. This is why cyber resilience and the trust it provides are vital. A best-of-breed approach to technology and capability acquisition offers the greatest level of assurance. It helps instill trust between your IT and Security teams and your security solutions ecosystem.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.
Sathish Murthy, Cohesity ASEAN & India
Sathish Murthy is the senior systems engineering lead at Cohesity ASEAN & India. He is an experienced regional engineering and technology solutions leader, who brings over two decades of experience in the information and communications technology industry.