Resilience is a collaborative effort

Issue 6 2022 Editor's Choice

Cyber resilience and cybersecurity are not the same thing, despite the efforts of many to promote a technical solution as a cyber resilience solution. Cyber resilience is about collaboration – enterprise-wide collaboration between IT and almost everyone else connected with the business.

Wayne Olsen, managing executive for cybersecurity at BCX, explains that while cyber resilience is an enterprise risk strategy designed to protect the organisation from cyber breaches and exploitation, to be cyber resilient requires collaboration. In fact, he says many of the failures of supposedly cyber resilient companies are the result of a lack of collaboration.

The foundation of cyber resilience requires collaboration between the IT department and the rest of the company, from executives to legal, HR to accounting, and so forth. Moreover, it also requires collaboration between the organisation and its supply chain, including partners and customers.

In a world where criminals are able to exploit the smallest hole in your defences, ensuring that the SME you deal with for stationery as well as the manufacturer you deal with for components supports your resilience (and vice versa) is key to managing this risk. Importantly, Olsen says it is not about ensuring they have the latest antivirus installed, but that everyone starts from within (this includes issues such as the demands of the business, data ownership, where you are vulnerable, etc.) to secure their organisation.

Based on organisational objectives

When reviewing or designing a cyber resilience programme, the CISO (chief information security officer) or someone at the executive level must take ownership of the project. No single person can do it alone, but there needs to be one central enabler. The process starts by identifying all the organisation’s assets, its processes and where it is going. Security needs to empower and enable the company to make use of its resources and accomplish its goals.

Instead of building something and then looking at security as an add-on after the fact (asking the CISO to “bubble-wrap it,” in Olsen’s words), security is part of the development process, whether you are developing software, electronic or mechanical systems, or even business processes. When security is built in from the start, it doesn’t become a burden that has to continually be updated or reworked because new features or threats break the bubble-wrap added after the development phase.

Bring your own IT

Covid-19 was responsible for an extremely fast move to digitalisation among companies, as they suddenly had to enable everyone to work from home in the span of a week. The focus was on communications and IT to make this possible, but security was left until last. The result is a big, remote world of vulnerabilities that security teams had to scramble to secure after the fact, and that many are still sorting out.

Olsen says the days of BYOD (bring your own device) are long gone and with remote working it is now more a case of BYOIT (bring your own IT). The network the financial manager pays invoices from is the same one their kids use to access social media and other sites that may not be the safest. The cyber resilient organisation needs to build these risks into its resilience programme from the start or be left chasing its tail as it tries to put out fires (as has happened to many since 2020).

This relates back to asset identification and management. It’s easy to know how many employees the company has or how many cars or buildings, but what about your digital assets? Not only do you have to cater for the ‘official’ digital assets bought – computers, laptops, smartphones, etc. – but also for the devices used by people without the company knowing. And then you include the IoT world where there are billions of devices able to communicate, as well as operational systems that are also connected, and asset identification becomes a lot more complex.

No single thing

Olsen adds that there is “no single thing” a company can do to be cyber resilient. It’s crucial to understand the whole attack surface, which includes everything from business email compromise (BEC) vulnerabilities to product development and deployment, where speed to market often takes priority over everything else. Moreover, you need a plan (more formally known as an incident response plan).

When hit with some form of cyberattack or major equipment failure, just beating up on the security or IT guys is not constructive (and wastes time needed to recover). The company needs a plan to identify the problem, know who is responsible for that area of the business (responsible in terms of managing the defence and recovery process, not who is to blame) and implement a remediation strategy. This includes IT, HR, PR and even partner and customer relationship managers.

In summing up, Olsen explains that ‘cyber fatigue’ is a real thing, and many companies and security operators are exhausted by putting out fires in one place just to find out there are three more waiting for them to handle over the weekend. He stresses that while technology is part of the solution, buying more technology is not the solution.

Hoping technology makes you cyber resilient is like sticking a plaster (or a Band-Aid for international readers) on a gaping wound. You can keep adding more plasters but eventually they will fail, and you will see that the original wound is still there, but now it’s infected and causing more problems than ever. The CISO needs to understand that cyber resilience means getting to the cause of the problem and dealing with it there, not after a breach.

This can be assisted with automation. Just like false alarms are a curse for physical security companies, control room operators and managers, false cyber alarms are merely diversions that exhaust people and keep your eyes off the serious problems that need attention. With the number of devices that are connected and are going to be connected in the next few years, no organisation will manage the challenge of focusing on what really matters if they don’t have an automated mechanism to sift out the false alarms.

From a BCX perspective, Olsen says that the company operates a security operations centre where it offers the traditional cybersecurity monitoring services (via automated systems and skilled human operators for managed services and responses), but it sees itself as an orchestration point for customer security. It therefore also offers services such as incident response services, CISO-as-a-service, as well as SIEM-as-a-service (security information and event management) and other solutions to help companies that either don’t have the budget for a dedicated cyber resilience enabler or that can’t find the right skills.

The benefit of this approach is that all information is centrally controlled, so that a certain attack on one customer educates everyone on what to look out for to prevent it happening elsewhere – everyone includes the platform itself. Sharing information and learning from each other enables his team members to cross-skill themselves to provide a better all-round service to customers, encompassing IT and OT. A cybersecurity academy is also in the pipeline in the near future.

For more information contact BCX, Wayne Olsen, +27 11 266 1000.

