Oliver Pinson-Roxburgh

CEO and Co-Founder

24th April 2023

Introduction

Cyber criminals are relentless. Aided by automation, they are able to target any organisation with a digital presence. The reality is that any business, regardless of size or industry, is at risk of a cyber attack. In fact, 39% of UK businesses identified an attack in the past year alone. Dare I mention the undisclosed percentage of businesses that have been breached but haven’t identified it?

Prevention alone is no longer enough for your cyber security strategy. You must prepare for how your business will withstand and recover from incidents such as cyber attacks or data breaches.

This is where cyber resilience comes in, bringing together information technology security, business continuity and organisational resilience. Your cyber security strategy should not stop at ‘how do we avoid such an event?’ but instead delve into the weeds of ‘what do we do if we are attacked?’.

What is cyber resilience?

You’ve heard the saying ‘hope for the best, prepare for the worst’. Well, this is cyber resilience. It is an organisation’s ability to prepare for, withstand and quickly recover from a cyber attack or data breach. Your cyber resilience plan should detail not only how you will continue to deliver business operations in the event of a cyber incident, but also how your business will get back to business as usual (BAU) as quickly as possible.

For many years I have talked about ‘defence in depth’. This is a good baseline approach to cyber resilience. In simple terms, it means do not rely on just one tool or process. If you have many layers to your security strategy, you’ll see much less impact if one of those layers fails. I believe now more than ever before that it is essential for businesses to adopt a cyber resilience approach, not only to better prepare for and respond to cyber attacks, but also to encourage a change in mindset. We need to ensure cyber security is less about meeting a compliance requirement and more about efficient and effective risk management.

To get this right, your business will need to take a holistic approach involving technical measures, people, processes and technology. It’s important to not only have the right tools in place to support your goals, but also the policies and procedures that will help embed security awareness into your organisation’s culture.

Your security toolkit

Cyber resilience is often broken down into 3 core focuses – protect, detect and respond. As we’ve discussed, this includes a cultural shift towards security and compliance, as well as supporting processes. But your organisation can still lean on security tools to help, particularly with the first two – protect and detect.

The security tools I believe are critical investments for businesses of all sizes to effectively minimise their risk of cyber attack and improve cyber resilience are:

  1. Endpoint protection

    With such a large number of attacks targeting workforces, using an endpoint protection (EPP) tool is critical to help you proactively block attacks and contain a breach if it should happen. EPP solutions have evolved a lot from basic anti-virus software tools and can now also include features for content control, USB blocking, device isolation and much more.

  2. Network security

    From firewalls to intrusion detection and prevention systems, network security should already be within your existing security investment. These tools are designed to protect your organisation’s network and can provide high-fidelity data, including indicators of attack that many other log sources can’t give you. If configured correctly, these tools can be the first to trigger an alert to malicious activity.

  3. Security Information and Event Management (SIEM)

    SIEM is a software solution that aggregates and correlates your security log data from different sources to trigger actionable alerts. Using a SIEM platform can help your organisation monitor its environment for suspicious activity and understand what action needs to be taken to remediate any issues.

  4. Backup and disaster recovery

    These solutions ensure that data can be recovered in the event of a cyber attack and that your organisation can quickly return to normal operations. Most businesses do not have a defined incident response plan, which can make data loss and cyber attacks harder to recover from.

  5. Identity and access management

    By controlling who has access to resources and information within your business you can ensure that only authorised personnel can access sensitive data. This can drastically reduce the severity of a cyber incident, as you can limit what data a potential attacker is able to access and exfiltrate.

  6. Security awareness training

    This training is designed to educate employees about cyber threats and how to protect not only themselves but the wider organisation. When done well, this type of training is engaging and makes a real difference to your frontline security. When done poorly, it’s checking a box and providing a false sense of security. Security needs to be properly embedded in your workforce culture, otherwise you are taking unnecessary risks.

Conclusion

SIEM is an effective solution for managing security events and incidents. While deploying and managing a SIEM platform yourself is a credible option if you have your own SecOps team, it will still require a significant investment in time, resources and expertise to manage effectively. Outsourcing everything to a third party with a managed SIEM service is a much more affordable and scalable alternative, as your organisation will get access to a dedicated team of security experts who will manage and monitor the platform on your behalf. You can get back to managing other areas of your business and get alerted if there is a genuine security risk that requires your attention.

Ultimately, the choice between an outsourced SIEM service and managing it yourself will depend on your organisation’s specific needs, resources, and budget, but with cyber attacks becoming increasingly sophisticated, businesses need to consider SIEM as a critical part of their security strategy.