In a new whitepaper, we explain how agencies can shift to a holistic, risk-based approach to security and why it matters now more than ever.
Cyber “resilience” is a term you may have heard in the news lately. While most agencies acknowledge the importance of protecting their networks and are actively creating and refining policies to do so, they still tend to lag behind other industries in terms of overall security scores. So, what exactly is meant by cyber resilience and how can agencies use resilience principles to more effectively defend their infrastructure?
That’s the topic of our new whitepaper Cyber Resilience: Implementing A Holistic, Risk-Based Approach to Security and it’s well worth a read for anyone charged with protecting their agency’s data.
According to the Department of Homeland Security, resilience is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
Cyber resilience is a perspective that marries information security, business continuity, and resilience. It aims to help government and business prepare, prevent, respond and recover from cyber breaches. It is also a wholesale shift in thinking from earlier, individual cybersecurity efforts such as anti-virus programs, firewalls, and perimeter security that were touted as cure-alls that could be bought, installed, and essentially forgot. Cyber resilience counsels that security is an integral part of an organization’s core business, its processes embedded in every level of day-to-day operations with complete buy-in from IT departments, all staff, and the most senior executives and board members.
Compare this to many security strategies in place today that are often driven by the response to specific attacks or the need to meet compliance requirements and deadlines—not by a holistic approach to risk-based security.
The whitepaper lays out four serious challenges to implementing a holistic, risk-based strategy including the advancement of cyber-attack techniques, the fact that spending on cyber tools alone doesn’t ensure security, new attack vectors from open, interconnected networks, and the industry-wide lack of security expertise to tackle the problem. It then argues that The National Institute of Standards and Technology (NIST) Cybersecurity Framework, is the best guide to help meet these challenges and manage cyber planning.
The whitepaper demonstrates how this framework can be simplified and adapted to meet your agency’s need. It then provides a realistic example of a public sector breach to explain how the framework can help agencies in all phases of resilience including Identify, protect, respond and recover.
Read the full Motorola Whitepaper here and learn why forward-looking agencies are shifting to a risk mindset, focusing on mitigation options, continuous monitoring, diagnosis and remediation to evolve security practices.
Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.