ITHQ Blog

Why being resilient does not mean 'never getting breached'

Written by ITHQ Tech Team | 23-Apr-2024 12:58:46

In an era where corporate digital fortresses are besieged by an endless barrage of cyber threats, the recent breach of MITRE - a beacon of cybersecurity protocol and standards - serves as a stark reminder: no entity, however fortified, is impervious to breaches. In fact, resilience today is all about how you prepare for, and recover from, the inevitable storming of the castle ... something that MITRE did extremely well.

Assume breach: embrace this truth and you're on your way to resilience
The tale of MITRE, masterminds of the revered MITRE ATT&CK cyber tech tests, underscores that breaches are now not a matter of 'if' but 'when'.

The key lesson from this is not one of unavoidable doom, but rather of the power of preparation. SecurityWeek reported: MITRE’s investigation is ongoing, but at this point there is no evidence that its core enterprise network or partners’ systems are impacted by the incident.

MITRE has dealt with the breach and is back to business as usual, demonstrating the very definition of resilience. This result only comes from being prepared and having a plan for how to deal with a breach. Compare this with Travelex in 2020 when it was hit with a ransomware attack that led to bankruptcy.

Time for everyone to drop the fear of a breach and pivot to face the enemy. We know it's coming, so our job is to get ready for that day.

This is a liberating change of view because it puts us into a position of action and power. You are no longer at the mercy of trusting the traditional ideal of static, solid security; a portcullis that you rattle every now and then by way of a security check and hope for the best.

Instead, you have a dynamic cycle of resilience protocols that are regularly reviewed and fall into one of four categories: anticipate, withstand, recover, and evolve.

Anticipate: preparing for tomorrow's zero days
Anticipation is your first line of defence. It involves understanding the changing nature of threats, recognising the signs of a breach, and employing a suite of technological solutions that are strategically deployed. Continuous threat intelligence and proactive monitoring go a long way in preparing your network to fend off attackers or to minimise damage when they do get through. But it’s not just about technology; it’s about people too. Regular training sessions for employees on the latest threats and best security practices form the backbone of any resilient organisation.

Withstand: building up robust defences
Withstanding an attack certainly means having the right defences in place, such as advanced firewalls, intrusion detection systems, and robust authentication processes. Most importantly, it is being able to contain the attack, limiting its footprint, so that you can continue to run your business with minimal disruption.

Recover: developing swift, strategic response plans
Post-breach recovery is critical. The speed at which you can return to normal operations directly influences the financial and reputational impact of an attack. This requires having well-documented incident response plans that can be executed immediately. Minimising downtime is crucial, and so is transparent communication with stakeholders during the recovery process to maintain trust and confidence.

Evolve: using lessons learned
Finally, evolution is about turning each breach into a learning opportunity. Analyse what happened, what was targeted, what defences failed, and most importantly, why. Use this analysis to refine your cybersecurity strategy, update your policies, and strengthen your system against future attacks. This cyclical process of learning and evolving helps build an adaptive and resilient cybersecurity posture.

Our brave new hyper-connected world
Cybersecurity breaches are a reality that we must be prepared to face head-on. Only by embracing a strategy that focuses on anticipating, withstanding, recovering, and evolving from attacks will organisations strengthen their resilience.

Remember, resilience is not just about having the strongest walls, but being able to rise swiftly and smarter after they’ve been breached. As we continue to navigate this digital age, let's shift our focus from the impossible goal of complete breach prevention to the achievable goal of resilience.