Cyber resilience in practice: winning strategies and best practices.

Cyber resilience is key to keeping a company up and running in the event of an attack. This article highlights practical approaches to strengthening cyber resilience and provides a checklist summarising key steps and measures.

September 2024, Text: Andreas Heer, 4 min.

It’s easy to ask questions about how resilient you are to a cyberattack: How can I guarantee operations after a ransomware or DDoS attack? Am I affected by new types of security loopholes and attacks, and what impact do they have? Answers to these and similar questions about a company’s cyber resilience, on the other hand, are a little harder to come by. They boil down to knowing your own cybersecurity posture – your current level of protection.

This article highlights practical approaches to strengthening cyber resilience. A checklist summarising key steps is provided at the end.

Preparation: defining your cybersecurity posture

Analysing the current situation is key to identifying and eliminating vulnerabilities in your cyber defence. ‘We monitor the general threat status, carry out ongoing risk analysis and validate our security measures,’ says Marco Wyrsch, Chief Security Officer (CSO) of Swisscom.

Behind this lies a whole range of precautions encompassing technology, processes and people: such as penetration tests, vulnerability scanning and red teaming to uncover vulnerabilities in the infrastructure. Collaboration with people and organisations outside the company plays an important role here, emphasises Marco Wyrsch: ‘Our Bug Bounty programme provides us with valuable information about vulnerabilities in our own services, while exchanging information with partners provides insights that we can incorporate into our cyber defence.’

This combination of ongoing monitoring of the situation and the infrastructure provides a multitude of signals. ‘That’s a challenge,’ admits Marco Wyrsch. ‘Which is why we take a risk-oriented approach and rely on tools that help us set the right priorities.’

Implementation: strengthening cyber resilience

These priorities are then used to classify and implement measures according to the phases of the NIST Cybersecurity Framework (CSF). ‘These are organisational, procedural and technical measures, but also measures that address the potential of employees,’ explains Marco Wyrsch. The focus is on people, Swisscom’s CSO emphasises: ‘We want to enable our employees to do their jobs safely. In turn, we create security for them as well as resilience that extends not just to technology, but to every single employee.’

When it comes to technical protection, Marco Wyrsch relies on modern approaches such as security by design and multi-layer defence in depth. ‘Zero-trust approaches are also increasingly being used,’ he adds.



The approaches for threat detection and response are also multi-level. ‘We’re constantly optimising them,’ says Marco Wyrsch. ‘On the one hand, to always be up to date with the latest technology and current threats. And on the other hand, to be able to offer cybersecurity employees an attractive working environment where they have to deal with trivial incidents as little as possible.’ Handling of these incidents is automated wherever possible and at least pre-triaged and processed using machine learning or generative AI.

The recipe for success: cross-divisional collaboration

Just as cybersecurity measures take place at different levels, they are also implemented and developed in different IT and business divisions. This cross-divisional collaboration is essential to fostering a security culture throughout the company, emphasises Marco Wyrsch: ‘Collaboration is the key to successful security measures and establishing a resilient organisation. Without the people who implement, develop and operate the measures on a day-to-day basis, it would be impossible to achieve the scaling we need.’

Due to an increasing number of regulations, cybersecurity is also becoming increasingly important from a compliance and legal perspective. Marco Wyrsch describes its role as follows: ‘Security often acts as a bridge between business units such as IT and the various legal divisions to implement compliance requirements and establish effective and resilient cyber defence with risk-based measures.’

The human factor not only plays a role as ‘first line of defence’, but also in strengthening cyber resilience. ‘By working closely together, we can ensure that our cyber strategy is comprehensive and embedded at all levels of the company,’ says Marco Wyrsch. This also means that management is involved and sets priorities for security issues.

The endurance test: reviewing measures

But even the best measures are useless if they are not regularly tested and adapted if necessary. Real cyberattacks also serve as a touchstone, says Marco Wyrsch: ‘Our incident response plans are therefore used time and again and are both practised and tested.’

This applies at least to common forms of attack such as ransomware, phishing and DDoS. Companies also need to be prepared for less frequent scenarios. ‘We test these, for example, through red teaming and other methods such as tabletop exercises,’ explains Marco Wyrsch. ‘However, with rarer scenarios it is a challenge to always be prepared and to have plans ready in a relatively up-to-date version at all times.’

Hurdles: cyber resilience vulnerabilities

Repeatedly reviewing and adjusting measures is key to effective cyber resilience. After all, attackers are highly dynamic. Cybercriminals are resourceful when it comes to developing new forms of attack and undermining existing security measures. There are also new vulnerabilities to which cyber defence must respond. In addition, the increased use of cloud services and SaaS raises complexity and the risk of configuration errors.

Always being prepared is no easy task, says Marco Wyrsch: ‘It’s often a challenge to provide sufficient financial and human resources to implement and maintain all the necessary security measures.’ And because even the best protection can be undermined by human error, security awareness is an ongoing issue. ‘We have to constantly promote the subject and actively support employees in doing their job safely,’ says Marco Wyrsch.

Maintaining cyber resilience is an ongoing task. Marco Wyrsch sums up the recipe as follows: ‘We are constantly evolving, questioning the status quo and trying to align our resources as effectively as possible with the current threat status in order to make the company resilient against cyberattacks.’

Checklist: increasing cyber resilience

1. Determine your current cybersecurity posture

A security assessment helps to evaluate and review existing measures.
The analysis of cloud security measures examines (public) cloud environments for vulnerabilities.
Vulnerability assessments identify gaps and vulnerabilities in local and cloud environments. Approaches include: penetration testing, red teaming, tabletop exercises (TTX).
An analysis of previous security incidents shows where threats and risks lie.

2. Compare your cybersecurity performance with industry standards

A benchmark with industry standards and best practices helps to assess the effectiveness of the measures:
NIST Cybersecurity Framework (CSF)
ISO 27001 (information security guidelines), 27032 (cybersecurity guidelines)
CIS Controls (Cybersecurity Best Practices)
Mitre ATT&CK framework
NIS 2 Directive, if affected

3. Involve different stakeholders

Identify needs in business divisions and units such as IT, Legal, Compliance and HR.
Ask employees about their understanding of security requirements and develop security awareness measures.
Integrate cybersecurity measures such as incident response into business continuity management and risk management.
Plan human and financial resources and cybersecurity measures on a risk basis.

4. Carry out risk assessment of third-party providers (supply chain)

Evaluate and audit supplier security measures and risks.
Monitor security risks in the supply chain where possible.

5. Document and analyse findings

Compile the results of assessments, benchmarks and stakeholder needs in a report.
Identify gaps and opportunities for improvement in your cybersecurity posture.

6. Develop a strategy for basic protection

Based on the findings from point 5, develop a cybersecurity strategy that covers the fundamental requirements and expectations.
Align the strategy with regulatory requirements, industry standards and corporate objectives.
Prioritise risks and opportunities for improvement.

7. Take measures to improve cyber resilience

Improve protection against threats with measures such as threat intelligence and threat detection and response (TDR).
Continuously monitor cloud infrastructures and configurations with CNAPP approaches such as Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP).
Provide security awareness training for employees.
Define the roles and responsibilities of the cybersecurity team.
Ensure compliance with regulatory and legal requirements such as the FADP, FINMA regulations, GDPR and NIS 2.
