Cyber Resiliency for Small Businesses: Techniques and Tips
In the context of cybersecurity, resiliency is about how an organization bounces back from an incident. It involves the interconnection of multiple domains, such as cybersecurity, business continuity, and organizational operations.
You need to be cyber resilient to adapt and continue to deliver services or provide products to your clients and customers despite an event, such as a data breach. In addition, your business operations should include processes and measures that allow you to resume providing standard business services as soon as possible after the incident.
For small businesses, this means, first things first, an attitude adjustment. It’s time to stop assuming that cybercriminals won’t be interested in your cyber data.
The Cyber Resiliency Techniques Checklist
What should be on your business’s resiliency checklist?
A CSO Online article describing what a cyber resilient business would look like lists the following 14 techniques (with their corresponding hygiene controls and practices):
Optimize your ability to promptly and appropriately respond to adverse conditions.
Dynamic reconfiguration, resource allocation, and adaptive management.
Improve your ability to detect potential adverse conditions and reveal their extent.
CDM, IDS, threat monitoring, forensic and malware analysis
Require an adversary to overcome multiple safeguards.
Defense-in-depth, network/host IDS, orchestration, red/blue team exercises
Mislead or confuse the adversary, or hide critical assets from the adversary.
Obfuscation, encryption of data, honey pots, encrypt processing, DNS cache poisoning
Limit the loss of critical functions due to the failure of replicated common components.
Different OS, random IP space, alternate communication protocols
Impede an adversary’s ability to locate, eliminate, or corrupt mission or business assets.
Relocate sensors, change storage sites, distribute critical processes and assets
Support situational awareness. Reveal patterns or trends in adversary behavior.
Real-time map of resources, threat modeling, CTI for real-time awareness
Create a means of curtailing an adversary’s intrusion.
Employ time-based or inactivity-based session termination, refresh services, SDN
Restrict privileges based on attributes of users and system elements.
Least privilege, RBAC, dynamic account provisioning
Reduce the size of your organization’s attack surface.
Whitelisting, IAM, minimize non-security functionality, outsource non-essential services to MSP/MSSP
Reduce the consequences of loss of information or services.
Retain configurations, maintain and protect backups, alternate audit and security capabilities
Limit the set of possible targets where malware can be easily propagated.
Subnets, VLANs, partitions, sandboxes, enclaves, system/service/process isolation
Detect attempts by an adversary to deliver compromised data, software, or hardware, as well as successful modification or fabrication.
Tamper seals, cryptographic hashes, SCRM, code signing, trusted path, fault injection
Increase an adversary’s uncertainty regarding the system protections which they may encounter.
Rotate roles, random authentication, randomize routine actions
5 Steps Toward Cyber Resiliency
Now that you have an idea of the cyber resilience techniques and practices your business needs to be able to implement, you can take the necessary steps to reach the resiliency level you need.
1. Take inventory.
Determine your identity and purpose as a business. You need to understand your business operations and products or services as well as the resources you need to support them. Be sure to involve your key stakeholders and business unit leaders in this discussion.
This step gives you insight into the following:
- The types of data you have
- Who you share your data with
- Any compliance requirements your business must meet in the event of a data breach
Your internal security team can use all this information for risk management, or a third-party managed service provider (MSP) or managed security service provider (MSSP) can use it to provide risk mitigation services that fit your specific needs.
2. Identify current resources and risks.
After documenting your initial list of critical operations, services, assets, and data types, find out what resources you have to protect your information and infrastructure, including internal assets and any external services.
3. Determine your level of preparedness.
Review the types of risks your business is facing—financial, competitive, regulatory, etc. Then determine whether you are equipped to address them.
Other items to include in the discussion at this stage:
- Any external partners and the agreements that are in place to safeguard your business in case of a data breach on the side of your external partners.
- Incident response: Do you have policies in place for how you will respond in the event of a cyberattack, and have you tested these policies? If so, how often?
4. Review your security program.
Your leadership team should work with your IT manager to evaluate your current security plans and the maturity of the overall program, as well as pinpoint any gaps.
This review should tell you the following:
- Whether both your internal and external business operations are covered by your program
- Whether your security measures include new, cloud-based services
5. Create an action plan.
Your leadership team and IT manager should now have a list of legacy processes and security gaps. Then bring in your stakeholders to evaluate and prioritize the list of issues. Identify any issues that may arise and require immediate action. Create your short- and long-term plans, which will be managed by your security program.
Ready to overhaul your cybersecurity? Don’t forget to include upgrading your authentication protocols. Go passwordless and adopt 2-factor or multifactor authentication, together with single sign-on.
Explore your enterprise-level options with TraitWare.