Home / Industry

Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead

Technology, for its immense evolution, has now become a significant driver of the economy — both digital and global. Along with developments and innovations such as cloud-based computing and Internet-connected mobile devices, however, cybercrime lurks in the shadows.

Here are some of the facts:

In light of this, being truly cyber secure became more of a utopian ideal than a real possibility. Since cyber attacks can't be avoided, organizations need to become cyber-resilient instead. In short: They need to be able to bounce back after suffering from the consequences of a cyber attack.

What Does It Take to Become Cyber-Resilient?

Here are three ways to achieve cyber resilience:

Allocate the Right Budget for Cybersecurity

Despite the unimaginable advancements in IT, it seems that security still sometimes gets left behind. Despite innovations, as evidenced by the development of threat intelligence platforms (TIPs), security information and event management (SIEM) software, and other cybersecurity technologies, organizations still do not prioritize and allocate enough budget for threat prevention and mitigation.

While there is no rule of thumb as to the exact amount or percentage a company has to set aside for cybersecurity, most only allocate 0.2% — 0.9% of their IT budget. Chief information security officers (CISOs), thus, have no choice but to develop cybersecurity strategies with limited funds.

Implement the Zero-Trust Security Framework

The logic behind the zero-trust framework goes beyond the age-old reminder not to talk to strangers. In fact, zero trust implies organizations to avoid communicating with anyone until that person has been thoroughly verified.

All users who request access to company resources, even those within the network, should be cleared based on variables such as the device used, project type, geographical location, and role. If anything is amiss, advanced verification has to be done.

Once verification is done, user access is further limited using the least privilege concept. Users can only access the resources they have been authorized for; everything else remains inaccessible.

Aside from authenticating network users, organizations also need to keep their networks secure against suspicious domains. To fully implement the zero-trust framework, security teams continuously need to perform domain reputation assessment to block out unreputable domains.

Develop and Simulate Incident Response Plans

As attacks are no longer a question of "if" but "when," security teams need to formulate detailed action plans for different types of vulnerabilities. The formulation of such plans often require:

  • Actionable threat intelligence that can be gleaned from comparisons between internal log data and known indicators of compromise (IoCs) from various external sources to respond to incidents, notably by blocking.
  • An incident recovery team that may range from security professionals and other IT specialists to lawyers and press communication officers responsible for online brand protection.
  • A business continuity plan such that the organization can continue despite the chaos a cyber attack can cause to some business functions.

* * *

These days, organizations need to treat cyber attacks as inevitable because they are. Defending your organization against them entails allocating enough budget for security tools and solutions. It also means keeping malicious sites, emails, and files out of corporate networks by employing a zero-trust framework. Last but not least, security teams need to develop detailed and tested incident response plans to mitigate risks and reduce costs.

WhoisXML API

About WhoisXML API – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.  Visit Page

Follow CircleID on
Related topics: Cybercrime, Cybersecurity
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias