Cybersecurity or Cyber Resilience: Which Matters More?
Planning Beyond an Enterprise Security Posture and Toward Reliable Business Continuity
By Amanda Satterwhite, Managing Director of Cyber Growth & Strategy, Accenture Federal Services
Cybercrimes in the United States have resulted in hundreds of billions of dollars in losses. The threats are expanding exponentially, endangering our national and economic security.
With off-the-shelf malware readily available, nation-state actors and cyber criminals need minimal expense and effort to disrupt governmental operations for financial and political gain. The rise of AI-based attack vectors has only complicated federal agencies’ efforts to safeguard critical systems.
In this ever-challenging ‘new normal’, the federal government needs more than cybersecurity. Cyber resilience is now also essential. What’s more, of the two, resilience may ultimately prove more important.
Cyber resilience ensures that an enterprise can not only adapt to and recover from known threats and vulnerabilities, but can also anticipate, withstand, and recover from an evolving array of threats, attacks, and vulnerabilities born out of emerging technologies.
Why Cyber Resilience Matters
A cyber resilience mindset recognizes that no cybersecurity solution is perfect — that even the best cybersecurity tools and strategies cannot protect against every form of cyber threat. For every new defensive strategy, a new attack vector emerges. CISOs and their teams can (and must) engage in what amounts to an endless game of whack-a-mole. You can’t win outright, but neither can you afford to lose.
Recognizing these limitations, cyber resilience strategies deliver robust mitigation plans in the face of these ever-evolving threats. They focus on supporting the continuity of operations, as well as the ability to “return to normal” following an attack.
As federal agencies pursue their modernization goals, a proactive emphasis on cyber resilience ensures they can evolve their defenses as new technologies emerge. Resilience recognizes that there will be new attack vectors as technology evolves, and that incident response and remediation capabilities can and must be able to adapt.
To create a powerful cyber resilience strategy, CISOs and their teams need to develop a risk-based strategy, one that is integrated with the organization’s cybersecurity plans and that supports the ability to identify, protect, detect, respond, and recover. This includes developing detailed incident response, business continuity, and disaster recovery sub-plans and processes.
Why Cyber Resilience Complements Cybersecurity
Cyber resilience should be used in conjunction with fundamental cybersecurity practices.
A strong cybersecurity program deploys the right mix of policies and tools to protect organizations from data breaches, exploited vulnerabilities, malware attacks, and insider threats, as well as phishing attacks that could escalate into ransomware attacks. These will likely include intrusion detection systems, threat monitoring and log collection platforms, endpoint detection, SIEMs, firewalls, and data loss prevention.
Cyber resilience complements these strategies. With attack simulations, adaptive detection and response, crisis response, and threat intelligence, resilience tools and strategies enable organizations to recover swiftly from a cyberattack. They empower agencies to restore data and systems to their previous state, minimizing the impact of an attack on business operations.
For those already familiar with cyber resilience, there’s a common misconception that cybersecurity planning and cyber resilience planning are mutually exclusive. In fact, they are two sides of the same coin. Cyber plans should look to apply both security measures and cyber resilience for the most effective overall security posture.
Some may erroneously believe that traditional backup solutions are all that’s needed to ensure mission resilience. In fact, while these solutions might be adequate for restoring data in the event of hardware failure or accidental deletion, they’re not designed to ensure full recovery from cyberattacks.
For federal agencies to truly ensure mission success in the face of near-constant threats, cyber resilience, a comprehensive approach to restoring and maintaining operations following a cyberattack, is critical.
Why Cyber Resilience Aligns with Zero Trust
Federal agencies are leaning hard toward adopting Zero Trust security architectures, under mandate from the President’s 2021 Executive Order on Improving the Nation’s Cybersecurity as well as other guidance. They also need to do so, as Zero Trust is proving a robust means of keeping cyber-attackers at bay.
When it comes to cyber resilience, adopting a Zero Trust mentality and architecture is an excellent place to start. Zero Trust assumes that access and networking within an organization can never be trusted. It calls for users, devices, and systems to be authenticated first before connecting, and then re-verified at multiple points before accessing networks, systems, and data.
For those transitioning to a Zero Trust architecture, CISA’s Zero Trust Maturity Model offers a framework of five foundational pillars covering: Identity (and access), Devices (e.g., Bring Your Own Device policies), Networks, Applications, and Data. It then builds in Governance and Analytics, to help measure, monitor, and develop automations to assist with fatigue and mistakes that result from manual updates.
This level of cybersecurity in turn gives a firm grounding to cyber resilience, by preventing many of the most common attacks before they can infiltrate or impact critical data and systems. Again: cybersecurity and cyber resilience go hand in hand.
As the federal government pursues Zero Trust goals, it should view this effort as a foundation for an expanded view of what security entails. Zero Trust is the bedrock upon which to move beyond mere defense and to layer in cyber resilience so agencies can meet the main objective of security: operational continuity.
Like cybersecurity, cyber resilience is a means to an end. Both look to safeguard critical data and systems, but cyber resilience takes it one step further. Recognizing that even the best defenses can be breached, cyber resilience looks to ensure that agencies can continue to meet the needs of citizens and stakeholders, uphold national security, and accomplish the myriad other vital tasks of government, regardless of what the bad actors may try next.
About the Author
Amanda Satterwhite, Managing Director of Cyber Growth & Strategy at Accenture Federal Services, is responsible for growth, innovation, and go-to-market strategy. Satterwhite leads cyber mission and enablement for the company’s National Security Portfolio, managing a team responsible for creating cutting-edge solutions for national security missions.
Amanda can be reached online at https://www.linkedin.com/in/mandysatterwhite and via the company website https://www.accenture.com/us-en/industries/afs-index