Cyber resilience is key to keeping a company up and running in the event of an attack. This article highlights practical approaches to strengthening cyber resilience and provides a checklist summarising key steps and measures.
September 2024, Text: Andreas Heer, 4 min.
It’s easy to ask questions about how resilient you are to a cyberattack: How can I guarantee operations after a ransomware or DDoS attack? Am I affected by new types of security loopholes and attacks, and what impact do they have? Answers to these and similar questions about a company’s cyber resilience, on the other hand, are a little harder to come by. They boil down to knowing your own cybersecurity posture – your current level of protection.
This article highlights practical approaches to strengthening cyber resilience. A checklist summarising key steps is provided at the end.
Analysing the current situation is key to identifying and eliminating vulnerabilities in your cyber defence. ‘We monitor the general threat status, carry out ongoing risk analysis and validate our security measures,’ says Marco Wyrsch, Chief Security Officer (CSO) of Swisscom.
Behind this lies a whole range of precautions encompassing technology, processes and people, such as penetration tests, vulnerability scanning and red teaming to uncover vulnerabilities in the infrastructure. Collaboration with people and organisations outside the company plays an important role here, emphasises Marco Wyrsch: ‘Our Bug Bounty programme provides us with valuable information about vulnerabilities in our own services, while exchanging information with partners provides insights that we can incorporate into our cyber defence.’
This combination of ongoing monitoring of the situation and the infrastructure provides a multitude of signals. ‘That’s a challenge,’ admits Marco Wyrsch. ‘Which is why we take a risk-oriented approach and rely on tools that help us set the right priorities.’
These priorities are then used to classify and implement measures according to the phases of the NIST Cybersecurity Framework (CSF). ‘These are organisational, procedural and technical measures, but also measures that address the potential of employees,’ explains Marco Wyrsch. The focus is on people, Swisscom’s CSO emphasises: ‘We want to enable our employees to do their jobs safely. In turn, we create security for them as well as resilience that extends not just to technology, but to every single employee.’
When it comes to technical protection, Marco Wyrsch relies on modern approaches such as security by design and multi-layer defence in depth. ‘Zero-trust approaches are also increasingly being used,’ he adds.
The approaches for threat detection and response are also multi-level. ‘We’re constantly optimising them,’ says Marco Wyrsch. ‘On the one hand, to always be up to date with the latest technology and current threats. And on the other hand, to be able to offer cybersecurity employees an attractive working environment where they have to deal with trivial incidents as little as possible.’ These incidents are handled automatically wherever possible, or are at least pre-triaged and processed using machine learning or generative AI.
Just as cybersecurity measures take place at different levels, they are also implemented and developed in different IT and business divisions. This cross-divisional collaboration is essential to fostering a security culture throughout the company, emphasises Marco Wyrsch: ‘Collaboration is the key to successful security measures and establishing a resilient organisation. Without the people who implement, develop and operate the measures on a day-to-day basis, it would be impossible to achieve the scaling we need.’
Due to an increasing number of regulations, cybersecurity is also becoming increasingly important from a compliance and legal perspective. Marco Wyrsch describes its role as follows: ‘Security often acts as a bridge between business units such as IT and the various legal divisions to implement compliance requirements and establish effective and resilient cyber defence with risk-based measures.’
The human factor not only plays a role as ‘first line of defence’, but also in strengthening cyber resilience. ‘By working closely together, we can ensure that our cyber strategy is comprehensive and embedded at all levels of the company,’ says Marco Wyrsch. This also means that management is involved and sets priorities for security issues.
But even the best measures are useless if they are not regularly tested and adapted if necessary. Real cyberattacks also serve as a touchstone, says Marco Wyrsch: ‘Our incident response plans are therefore used time and again and are both practised and tested.’
This at least applies to common forms of attacks such as ransomware, phishing and DDoS. Companies also need to be prepared for less frequent scenarios. ‘We test these, for example, through red teaming and other methods such as tabletop exercises,’ explains Marco Wyrsch. ‘However, rarer scenarios are a challenge to always be prepared and have plans ready in a relatively up-to-date version at all times.’
Repeatedly reviewing and adjusting measures is key to effective cyber resilience. After all, attackers are highly dynamic. Cybercriminals are resourceful when it comes to developing new forms of attack and undermining existing security measures. There are also new vulnerabilities to which cyber defence must respond. In addition, the increased use of cloud services and SaaS raises complexity and the risk of configuration errors.
Always being prepared is no easy task, says Marco Wyrsch: ‘It’s often a challenge to provide sufficient financial and human resources to implement and maintain all the necessary security measures.’ And because even the best protection can be undermined by human error, security awareness is an ongoing issue. ‘We have to constantly promote the subject and actively support employees in doing their job safely,’ says Marco Wyrsch.
Maintaining cyber resilience is an ongoing task. Marco Wyrsch sums up the recipe as follows: ‘We are constantly evolving, questioning the status quo and trying to align our resources as effectively as possible with the current threat status in order to make the company resilient against cyberattacks.’