Maintaining and developing cyber resilience is more important than ever in the rapidly evolving security environment. As there’s no such thing as watertight cyber security, in addition to preventive protection, we must also develop organizational abilities to anticipate, prepare for and recover from potential cyberattacks.
Ideally, resilience is built on both personal and organizational levels and in cooperation with the company’s entire value network and governmental actors involved in critical security.
Cyber resilience combines digital and physical security and good planning
The development of cyber resilience starts by identifying a current threat and acknowledging how serious it is – by understanding that the threat may very well materialize and that there is a need for protection. Instead of fear, threats should be met with calmness and by evaluating their probability and real-life impact. You should monitor the status of the threat in real time through the Security Operations Center (SOC) and ensure real-time communication with top-level management. The altered situation and even the threat of a cyber war applies to us all and should not be dismissed. The need for mental cyber tolerance is emphasized when facing insecurity and the unknown.
In addition to maintaining situational awareness, organizations must ensure that the basic foundations of digital security are in place. For example, cyber security audits and testing by an external party are an efficient way to identify weaknesses and development areas related to cyber security management and maintenance.
Along with digital security, physical security is an important part of cyber resilience. Today, the probability of foreign intelligence investigating our critical infrastructure is higher than ever. In practice, this may mean that an employee is being blackmailed by threatening his or her family, especially if they live in another country. Threats like this require cooperation with the authorities. In the current global situation, espionage and intelligence have become business as usual. Therefore, it is good to understand that in certain businesses there are people who are actively being targeted. Parties performing hybrid operations work by combining information from various sources to form a bigger picture, utilized for influencing. Each of us should thus be conscious about what we talk about, where we talk and who we talk to. Eavesdropping on phone conversations in foreign countries is not unheard of.
You should also ensure the safety of your personal identity information and never provide these to a third party. By now, this should be common knowledge, but identity thefts still remain one of the most typical schemes for cyber criminals. Media literacy is an important civic skill that has quickly become invaluable: if something seems suspicious, there’s probably a good reason for it. Strong, multiple-phase user identification in online services considerably improves cyber security.
However, being well prepared is not always enough. Therefore, planning the continuity of your business is one of the key tools for cyber resilience. The operative management of the company holds the responsibility for this. When a threat materializes and panic takes over, decision-making becomes blurry and prone for mistakes. When you have a ready-made game plan in place, doing the right things and recovery from the attack is faster. In addition to your organization’s responsibilities and actions, you should consider whether you need to cooperate with partners, who these partners are and how to reach them. Contingency planning is like a travel insurance: when you actually need it, you couldn’t do without it.
Cyber resilience is not built in a bubble
Once you have taken the steps to develop cyber resilience within your own organization, it’s useful to take a broader look. Due to their limited resources, small and medium-size businesses are the most vulnerable organizations. Attacks targeted at smaller businesses may have major impact within the larger subcontracting chain. It’s not unheard of that major organizations are manipulated through their value chains and the weaknesses of their smaller partners. Consequently, it is important for large organizations to help the smaller actors in their network whenever possible. Cyber resilience knows no boundaries when it comes to organizational or national borders or responsibilities.
In addition to the efforts by individual organizations, the development of cyber resilience is one of the key tasks for the national government. While Finland has a good, strong brand as a skilled cyber actor, we have to keep the bar high by ensuring the availability of experts and managing cyber security on a governmental level as uniformly as possible. This is the only way to ensure our success in a world that is changing and where cyber self-sufficiency is more important than ever.
How to develop cyber resilience
1. Ensure that your organization’s board and operative management understand the gravity of the situation and that they have a good, real-time situational awareness of cyber security.
2. Inform and train your entire staff on cyber security threats in both their professional and personal lives.
3. Ensure that the foundations of digital security are in place. Consult an external partner when needed.
4. Ensure that physical security and access control are well-managed in your organization.
5. Keep your contingency plans up to date. Identify your key responsibilities and partners in case a treat materializes, and practise in advance.
6. Evaluate the overall security of your value chain as a whole. Help your partners – after all, they are part of your cyber resilience.
7. Use situational scenarios to practise for any foreseeable threats in advance.
Jari Mielonen, Executive Vice President, Insta Group & Chairman of the Board, FISC