Five tips to increase your organization's cyber resilience
Published on 15/04/2022 in Tech, tips & tricks
Cyber resilience - the ability to act quickly in the event of a cybersecurity incident - is considered a critical requirement for business continuity. These five tips are indispensable for any organization.
1. Make sure your organization is properly protected
Prevention is always better than cure, and cybersecurity is no exception. Using state-of-the-art security means you stop as many attacks as possible. Reduce your attack surface by applying zero-trust principles. Preventive measures do not provide total protection against hacking, but they remain the best way to reduce the number of incidents. Security is only as strong as the weakest link, so remember to involve your users in your organization's security!
2. Make backups that are isolated from the network
Attackers who want to harm your organization try to disable your important information, applications and production systems, for example by using ransomware. When that happens, they also target the backups of that information and of those applications and systems. It is therefore important to make regular backups that are disconnected from the network, for example on tapes, or to use immutable backups or snapshots, so that you can always restore your crucial data.
Wouter Vandenbussche, Product Owner Cybersecurity at Proximus, on how to prevent cyber threats and reduce their impact.
3. Monitor your security environment 24/7 and discover incidents quickly
To limit the impact of a successful cyber attack, it is necessary to detect such an attack quickly. That requires continuous monitoring of your security environment that quickly analyzes suspicious situations. This, in turn, allows your organization to act quickly when an incident occurs, thus minimizing damage.
4. Apply automated quarantine, especially in the case of ransomware
With Endpoint Detection and Response (EDR) or Security Orchestration, Automation and Response (SOAR) solutions, responses to an incident are automated. As soon as such a solution detects suspicious activity, like file encryption, it can automatically quarantine the workstation or server. This prevents other systems from being contaminated. Firewall ports can also be closed automatically to prevent further damage to your business. Once the threat has been resolved, the system can be taken out of isolation again.
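The decision logic behind such an automated quarantine can be sketched as follows. This is an added example, not code from Proximus or from any EDR/SOAR product: the thresholds, host names and event format are assumptions, and the isolation call itself is product-specific and left out.

```python
import math
from collections import defaultdict, deque

# Assumed tuning values for this sketch, not vendor defaults.
WINDOW_SECONDS = 60        # sliding window per host
MAX_SUSPECT_WRITES = 5     # high-entropy writes inside the window that trigger isolation
ENTROPY_THRESHOLD = 7.2    # bits per byte; encrypted data sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def hosts_to_quarantine(events):
    """Return {host: timestamp of the quarantine decision}.

    events: (timestamp, host, path, sample_bytes) tuples sorted by timestamp.
    """
    recent = defaultdict(deque)   # host -> timestamps of high-entropy writes
    decisions = {}
    for ts, host, _path, sample in events:
        if host in decisions or shannon_entropy(sample) < ENTROPY_THRESHOLD:
            continue
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        # Compressed archives are high-entropy too, so a single write is not
        # enough: only a burst inside the window triggers isolation.
        if len(window) >= MAX_SUSPECT_WRITES:
            decisions[host] = ts   # the product's isolation action would run here
    return decisions

def build_sample_events():
    """Constructed file-write telemetry for three hypothetical hosts."""
    encrypted_like = bytes(range(256)) * 4                    # entropy 8.0
    text = b"Quarterly report draft, internal use only.\n" * 20
    events = [(1000 + 5 * i, "ws-014", f"docs/file{i}.docx", encrypted_like) for i in range(6)]
    events += [(1000 + 2 * i, "ws-020", f"notes/n{i}.txt", text) for i in range(20)]
    events += [(1000 + 300 * i, "srv-backup", f"backup/a{i}.zip", encrypted_like) for i in range(5)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(hosts_to_quarantine(build_sample_events()))
```

Only the workstation that writes a burst of high-entropy files is isolated; the backup server producing occasional archives and the host writing plain text are left alone.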
5. Provide tools and processes that enable rapid recovery
When there is an incident, you need to be able to act quickly. That is why preparing a plan with all the actions needed to reduce the impact of an attack and ensure continuity of operations is a good idea. It is best to test such a plan regularly using a cybersecurity ‘fire drill’. That way, you can check whether your backups can be restored, whether the failover of your redundant systems works, etc. Having a contract with a Cybersecurity Incident Response Team (CSIRT) can be useful if you do not have enough in-house expertise to handle an incident yourself.