It’s an uneventful morning in the IT department of a major bank … until the alarms go off. Despite the bank’s firewalls and antivirus software, attackers have found a vulnerability in third-party software.

The good news is that the intrusion-detection system has done its job, flagging unusual activity that indicates a ransomware attack. Even better, the bank has implemented both robust cybersecurity and extensive cyber resilience measures, so they can restore their systems in just a few days.

Here’s how.

Cyber resilience at work

As the IT team springs into action, the incident response team initiates a well-documented response plan. They inform key stakeholders, including the bank’s cyber insurance provider and legal counsel. They isolate affected systems to prevent the ransomware from spreading.

By the next day, the IT team has patched the vulnerability and scanned the network to check all other systems. The incident response team assesses the systems encrypted by the ransomware and starts the recovery process from the bank’s air-gapped backups, which are stored offsite. (An air gap physically isolates a computer or network from other networks so that it cannot be accessed remotely.)

On day three, they use the bank’s clean-room recovery environment to restore the affected systems. This isolated environment keeps the restored data and systems free from any remnant effects of the ransomware. They also conduct a post-incident analysis that may lead to stricter controls on third-party software and more regular vulnerability assessments.

Overall, the bank’s systems are fully restored in two to four days, with little to no data loss. Their cybersecurity measures were crucial in detecting and containing the attack, while their cyber resilience measures helped them to recover and adapt swiftly, with very little impact on their operations and customers.

The growing importance of cyber resilience

Cyber resilience is now firmly on the corporate agenda because the frequency and severity of cyberattacks, such as ransomware, phishing and supply chain breaches, are on the rise. There is no more “if”: this will happen to your organization at some point, and it poses significant risks to business continuity and data integrity.

As we’ve seen from this example, cyber resilience refers to your organization’s ability to keep your business operations going, with little downtime, despite being adversely affected by cyberattacks or other events. Along with enabling business continuity, it limits financial loss and reputational damage.

Where traditional cybersecurity focuses primarily on prevention and detection, the broader scope of cyber resilience also encompasses response and recovery:

  • Prevention: Controls are put in place to secure the environment and prevent cyberattacks.
  • Detection: Advanced threat-detection and monitoring systems proactively identify and mitigate risks, using AI and machine learning to identify potential threats faster and more accurately. Ongoing surveillance and behavioral analytics help to identify suspicious activities or breaches.
  • Response: Activating comprehensive and integrated response plans ultimately minimizes the impact of cyberincidents.
  • Recovery: Robust recovery solutions and protocols – including air-gapped backups and data vaults – are crucial for restoring operations quickly and securely after an attack.

Keeping an eye on security with the three I’s

The three I’s of cyber resilience – immutability, isolation and intelligence – are fundamental for protecting data, containing threats, and proactively detecting and responding to cyber risks.

Immutability means making sure that nothing can manipulate or change your data. Isolation refers to solutions like air gaps that prevent contamination. Intelligence is about using AI and machine learning to scan and monitor all your data, continuously and proactively, to keep it safe and clean.

Cyber resilience is about more than technology

Do your employees know what to do when a cyberattack occurs? Who should they contact? Are the right capabilities in place to recover from it? If you have a backup solution, have you stress-tested it to see if it’s still fit for purpose?

Cyber resilience is about more than installing the right technologies. It also involves developing the right business processes and training employees accordingly.

But there are always trade-offs between risk exposure and investment in security, and there’s no one-size-fits-all solution. Your security and recovery must be tailored to your organization’s risk profile and take your business priorities into account.

This is an area where the partnership between NTT DATA and Dell Technologies excels. To keep our clients both safe and resilient, we combine the security infrastructure itself – a Dell Technologies specialty – with NTT DATA’s security consulting expertise in business processes, cloud, networks, data centers, applications and more.

These services make the difference between simply recovering data and properly relaunching your business after a cyberattack.

Don’t forget training and compliance

Cyber resilience also requires ongoing effort, including regular testing of security measures, employee training and monitoring – all essential practices where Dell Technologies and NTT DATA can add value.

Our strategies are also designed to comply with global and regional regulations, such as the European Union’s Digital Operational Resilience Act (DORA) and Network and Information Systems Directive 2 (NIS2), among other data-protection laws around the world.

Noncompliance – especially in highly regulated industries like financial services – can lead to severe penalties. A strong cyber resilience framework helps you avoid these pitfalls and keep your organization compliant with relevant laws and standards.

Make your organization more resilient today

Integrating cyber resilience into your overall business strategies gives you a strategic advantage.

Work with Dell Technologies and NTT DATA to bring this forward-thinking approach to cybersecurity into your organization in the face of escalating cyberthreats.

This article includes contributions by Zaheer Haniff, CTO of Data Protection and Cyber Resilience at Dell Technologies.

WHAT TO DO NEXT
Read more about NTT DATA’s Cyber Resilience Advisory Services to see how we help you to navigate and manage your cybersecurity and business risks.