Learn why it’s important to proactively plan for cyber events instead of waiting to react

Cybercriminals spent the last few months intensifying their attacks on governments, manufacturing, healthcare and other industries, thanks to the amount of private and personal data these sectors handle. As more complex threats seem to emerge daily, managing IT risk has become increasingly difficult.

These recent incidents are prompting many business leaders — and their organization’s boards — to rethink how they proactively anticipate, protect against and recover from a cyber incident.

Experts say the key to a cyber resilient future is to embrace a new way of thinking about these nearly unavoidable threats.

“The last three decades have been defined by a defense in depth approach, best represented by the castle-and-moat motif,” said Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, which just launched a Cybersecurity Incident Response and Forensics service and the Kyndryl Security Operations Platform with AWS to help businesses proactively prepare for and respond to cyber threats. “Unfortunately, the paradigm is no longer appropriate in a borderless world. The approach we use must be similar to that which we apply in a biological model — as humans we must co-exist with viruses and bacteria. To protect ourselves, we use preventative techniques such as handwashing and immunizations. Unfortunately, sometimes these efforts are ineffective, and we still get sick. In the cyber world, as in the physical world, we must also recognize the inevitability of ‘illness.’ Security and resiliency must go hand in hand.”

Here, Lovejoy talks about the importance of creating a cyber resiliency strategy.

Why are governments increasingly a target for cybercriminals, despite growing digital maturity?
Like any digitally-enabled commercial organization, most governments are constrained by aging systems within increasingly complex environments — a mix of old and new architecture — that makes protecting the enterprise challenging. Disruptive cyberattacks have become frequent and inevitable in today’s threat landscape, so we have failures associated with software and hardware, network outages and natural disasters. Thus, preparedness is key. If an organization can effectively engage to anticipate, protect, withstand and recover from any and all cyber-related events, significant damage can be minimized.

If an organization can effectively engage to anticipate, protect, withstand and recover from any and all cyber related events, significant damage can be minimized.

Kris Lovejoy

Global Security and Resilience Leader, Kyndryl

The healthcare industry also saw spikes in data and cyber breaches last year. Why are healthcare organizations vulnerable?
The threat of cyberattacks and the weaponization of digital assets is on the rise. Bad actors recognize that healthcare information is valuable, the environments are fragile, and healthcare providers have purportedly been more willing to negotiate a price to get their data back after a breach. The combination of these factors makes them a target.

What are the most important factors to consider when creating a cyber resiliency strategy?
The pandemic dramatically increased digitization to keep global commerce moving. This expanded the surface area for cyberattacks. The potential disruption of services we depend on every day — like oil and gas, food and groceries, energy and utilities, and healthcare — is straining many IT environments that were left vulnerable in the wake of the pandemic. That means organizations always need to be on their front foot to bounce back.

Our work with customers has shown that incident recovery can be minimally disruptive if they have planned and tested effectively. The process starts by thoroughly understanding the business and the critical systems that keep that business running. Organizations must prioritize their most important business services — including supply chain partners, technology assets and data that powers them — and develop a cyber risk management plan that outlines specific actions to mitigate each risk. A resilient strategy allows enterprises to quickly move forward when issues arise.

Can companies prepare and plan too much?
Companies can certainly prepare and plan too much if it’s on the wrong things. At Kyndryl, we enable our customers to approach resiliency through consistent touchpoints to maintain an interactive relationship. We test security controls under real-world conditions to validate the strategic plans and ensure continuous improvement. This technique allows frequent and productive opportunities to discuss, address and adjust how to improve and enhance an organization’s cyber resilience plan.

What’s the most urgent item organizations should include in their cybersecurity and resiliency strategy?
One of the most glaring gaps in enterprise security strategies is a lack of resiliency planning. Many companies have security response retainers, allowing them to test policies they have in place and respond in the event of a security incident. However, those retainers can’t help with recovery after a breach.

Working with a trusted IT partner is a step in the right direction. It comes with the advantage of having experts — on the ground or remote — to proactively help organizations recover from a cyber incident and get back up and running quickly. It also addresses recovery-related actions such as defining recovery processes based upon forensics, redeploying applications, restoring data and cleaning systems, among other critical tasks.