
Improving Cyber Resilience Through Business Context

By Tony Bradley, Senior Contributor. Opinions expressed by Forbes Contributors are their own.

Oct 4, 2022, 01:13pm EDT

Image: The goal of cybersecurity is cyber resilience—and achieving it depends on your visibility and understanding of the business context of your attack surface. (getty)

While the aspirational goal of cybersecurity is to stop all attacks, 100% prevention just isn’t possible. The reality is that an attacker only has to find one weakness or vulnerability.

The attack surface that organizations need to defend is increasingly complex, and the threat landscape continues to rapidly expand—making it virtually impossible to prevent 100% of attacks. While detecting and blocking threats is important, the true goal of cybersecurity is cyber resilience—to ensure cyberattacks do not disrupt operations and productivity. The first step to cyber resilience is understanding the business context of a compromise: what business services are or can be impacted, and what does that mean to the business.

Under Cyber Siege

As organizations embrace and pursue digital transformation, the interconnected nature of applications, devices, users and data flows that drive a digital enterprise also creates complexity that results in an increased attack surface and operational inefficiencies. The impact of these relationships and dependencies can bring costly consequences, including business disruptions, non-compliance fines, remediation expenses, loss of revenue, and loss of reputation. The threat landscape is daunting.

There are more than 1 billion malware programs in existence, and more than half a million new malware samples are detected every day. Ransomware has emerged as a top threat keeping IT security teams up at night. There have been a number of very high-profile ransomware attacks, like the attack in early 2021 on Colonial Pipeline, or the ransomware attack on Liberty College that forced the 157-year-old institution to close permanently.

But organizations of all sizes and across all industries are crippled by ransomware attacks every day. There was a 20% increase in ransomware attacks targeting corporations from 2019 to 2020—with a 40% spike in the average cost of a ransomware incident.

Smarter Security Strategy

Companies understand that reducing cyber risk is an increasingly important business imperative. The rising threat of malware, ransomware attacks, and other cyber threats is having a greater impact on operations, resulting in costly disruptions to business. To fight back, businesses are spending more of their annual budgets on security solutions.

Unfortunately, those investments don’t necessarily solve the problem. In spite of those initiatives, 9 out of 10 security leaders believe their organization is not adequately prepared to address cyber risks. Spending more will not improve cyber resilience in and of itself.

Reducing risk is a function of understanding the entire attack surface, understanding the business context of a compromise (for example, is the compromised asset part of an application critical to the business, or does it have a relationship with a critical application?), and taking steps to identify and address gaps in the defenses. Where and how security investments are allocated is important.

Reducing Cyber Risk

Organizations need to be able to visualize the attack surface in the context of the business services that make up the company to effectively prioritize mitigation efforts.

Hybrid and multi-cloud environments, combined with containers, internet-of-things (IoT) technologies, SaaS applications, and digital supply chain concerns, make this effort more challenging. A cyber asset attack surface management (CAASM) solution provides visibility of internal assets—typically through API integrations with existing tools—to identify gaps in security controls and reveal weaknesses in the security posture that need to be addressed and remediated. vArmour takes this a step further and provides insight into what many have thought impossible or extremely difficult to accomplish: for any given asset, which application, and hence which business unit, that asset belongs to, and which critical applications have relationships to it.

As an example, knowing whether a compromised workload is part of a critical application managing bank-to-bank SWIFT transactions will greatly dictate the remediation plan. If you want to build cyber resiliency, you need to start with a comprehensive and unifying mapping of the entire enterprise digital estate.

Periodic snapshots are inadequate because IT environments are constantly shifting and evolving. You need real-time, continuous management and inventory controls of all assets, apps, and users to effectively improve threat response and security controls. Mapping the attack surface continuously allows you to identify gaps and understand dependencies in real-time.
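The lookup described above (which application and business unit a compromised asset belongs to, and which critical applications it has relationships with) can be sketched as a graph walk over an asset inventory and observed flows. This is an added example, not vArmour's code or part of the original article; the inventory, flows, hop limit and P1/P2/P3 labels are constructed assumptions.

```python
from collections import deque

# Constructed inventory (all names hypothetical): asset -> (application, business unit)
ASSET_APP = {
    "vm-pay-01": ("swift-gateway", "Treasury"),
    "vm-db-07": ("ledger-db", "Finance"),
    "vm-batch-05": ("report-batch", "Finance"),
    "vm-build-03": ("ci-runner", "Engineering"),
    "vm-web-11": ("intranet-wiki", "Corporate IT"),
}
CRITICAL_APPS = {"swift-gateway", "ledger-db"}
# Constructed observed data flows between assets (source, destination)
FLOWS = [("vm-pay-01", "vm-db-07"), ("vm-batch-05", "vm-db-07"),
         ("vm-build-03", "vm-batch-05"), ("vm-web-11", "vm-build-03")]

def business_context(asset, max_hops=2):
    """Owning application, business unit, and critical apps within max_hops flows."""
    if asset not in ASSET_APP:
        # An unmapped asset is a visibility gap: flag it instead of scoring it low.
        return {"application": None, "business_unit": None,
                "related_critical": {}, "priority": "unmapped"}
    neighbors = {}
    for src, dst in FLOWS:  # a relationship counts in either direction
        neighbors.setdefault(src, set()).add(dst)
        neighbors.setdefault(dst, set()).add(src)
    app, unit = ASSET_APP[asset]
    seen, queue, related = {asset}, deque([(asset, 0)]), {}
    while queue:  # breadth-first, so the first hop count recorded is the shortest
        node, hops = queue.popleft()
        if hops == max_hops:
            continue
        for nxt in sorted(neighbors.get(node, ())):
            if nxt in seen:
                continue
            seen.add(nxt)
            nxt_app = ASSET_APP.get(nxt, (None, None))[0]
            if nxt_app in CRITICAL_APPS and nxt_app != app:
                related.setdefault(nxt_app, hops + 1)
            queue.append((nxt, hops + 1))
    priority = "P1" if app in CRITICAL_APPS else "P2" if related else "P3"
    return {"application": app, "business_unit": unit,
            "related_critical": related, "priority": priority}

if __name__ == "__main__":
    for a in ("vm-pay-01", "vm-build-03", "vm-web-11", "vm-shadow-99"):
        print(a, business_context(a))
```

The build runner scores P2 only because of its two-hop relationship to the ledger database, which an asset list without relationship data would not reveal.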

vArmour provides this visibility with a step-by-step approach:

- Discover and visualize every application, every identity, and every relationship (and data flows) across the enterprise environment to map the total attack surface.
- Observe the interactions across all of these identities to establish a baseline for normal activity so you can recognize anomalous actions or behavior.
- Establish and verify consistent application-centric access control policies to natively enforce security across your existing infrastructure and applications.

vArmour automatically visualizes and maps the relationships and dependencies of all applications with continuous accuracy in a matter of days instead of months, unlike current manual approaches that are resource-intensive, error-prone, and instantly out-of-date. This insight is essential because it provides visibility of the total attack surface to enable IT security teams to reduce cyber risk. Understanding the business context of applications and their relationships is critical to effectively manage the attack surface.

It reduces the chances of a successful cyberattack, and improves cyber resilience for the organization, so IT security teams can sleep at night with confidence that business will continue regardless of what threat actors throw at them.



From: forbes
URL: https://www.forbes.com/sites/tonybradley/2022/10/04/improving-cyber-resilience-through-business-context/
