Question: How do I conduct a resilience review of my organization?
Yogesh Badwe, CSO at Druva: The concept of resilience has never been more important than it is today as the world grapples with unprecedented geopolitical challenges. Governments are urging companies to raise their defenses as the threat of cyber warfare looms. Against this backdrop, security leaders must take action, and running a resilience review of their organization is one of the best places to start.
At its core, resilience is the capability to anticipate, withstand, and recover quickly from a crisis with minimal impact to business-critical services. You should identify the technology and data that your business depends on and then, as the first step, make sure that all business-critical data across your organization is protected. That means the data is in a system where you've verified it's backed up and immutable, and the team has ensured it can be rapidly recovered in its original state. This includes critical servers and applications, such as Microsoft 365, that power your business, in addition to the entry points where ransomware can attack, such as endpoints. If attacked, your backup system, and the way it is managed, will be critical to maintaining business continuity. Ensure your IT teams have segregated the backup system as much as possible from the primary environment, with separate passwords, separate access, separate monitoring, and ideally air-gapping.
Next, if a zero-trust model is not in place, take action to adopt one. Zero trust is based on a strict and continuous verification process and adds another security layer to your organization. Implementing multifactor authentication and single sign-on will help keep bad actors from gaining access to and deleting backups. Additionally, an orchestrated response should be readily available to automate containment and recovery. Automation not only helps ensure a speedy recovery, which is especially helpful during high-risk times like weekends and holidays, but it dramatically lowers the chances of human error that could potentially delay recovery efforts further.
Last but not least, assess the state of your organization's security culture. Employees should understand this is a period of higher risk and be on the alert for malicious activity. Be proactive by implementing a training and awareness strategy that includes cyber resilience, and keep good security habits top of mind so employees are ready to identify, respond, and report any potential threats they find.