Cyber Resilience is Critical for Digital Transformation

Shambhulingayya Aralelema, AVP and Global Delivery Head, Cyber Security, at Infosys, shares how cyber resilience is crucial in cybersecurity

As global cyberattacks continue to increase, by 38% from 2021 to 2022 according to Check Point Research (CPR) data, no business or nation is safe.

The UK is learning this the hard way. According to Techmonitor, in 2022, the UK was the victim of more cyberattacks than any other country in Europe. The country remains such a lucrative target that cyberattacks are central to the plot of Apple TV’s new show Liaison.

So how can companies bolster their defences? Shambhulingayya Aralelema, AVP and Global Delivery Head, Cyber Security, at Infosys, sat down with Cyber Digital to share his expert insight on cyber resilience.

As Global Delivery head of the CyberSecurity Practice at Infosys, he has expertise in information technology and cybersecurity across various industries. At Infosys, Aralelema has been leading new offering initiatives, presales solutions, Cyber Next platform engineering, strategic partnership, and alliances.

What is the difference between cyber resilience and cybersecurity?

With attacks getting more and more sophisticated, it stands to reason that a business will fall prey to one sooner or later. The practice of responding to and recovering from the attack or, really, any other security incident is cyber resilience.

Simply put, cybersecurity includes practices that ensure the safety of a business; cyber resilience is how a business can recover when it does fall prey to an attack. The goal of cyber resilience is to ensure that a business continues to operate by being proactive and prepared for the eventuality. 

How can cyber resilience bolster a company’s cybersecurity?

To be sure, a good cybersecurity plan is one that includes cyber resilience practices.

Perhaps the best example of cyber resilience is the SolarWinds Orion platform, a major infrastructure monitoring and management platform that came under attack in December 2020.

When it was discovered that a sophisticated hacker had managed to compromise it and affect government agencies across the world including in Europe, companies quickly followed the incident response plan, isolated the affected systems, and patched vulnerabilities before proceeding to improve their security postures.

More recently, in May 2021, the US-based fuel pipeline operator Colonial Pipeline was hit by a ransomware attack that resulted in a system shutdown. As several US states faced fuel shortages, the company itself quickly recovered by implementing stronger cybersecurity measures, network segmentation, and regular testing of their incident response plan.

These incidents are prompting businesses to get smarter. For instance, in December 2021, the Bank of England participated in a voluntary cyber stress test to model the impact of a potential attack on their payments system.

How can companies improve their cyber resilience?

Assuming that a business will sooner or later lose a battle against hackers is the only way to keep it safe. Here are some steps that companies can take to improve their cyber resilience:

  • Implementing endpoint detection and response (EDR) tools that use ML and advanced analytics to detect suspicious activity and automate response actions is an effective way to identify and isolate threats on endpoints such as laptops, mobile phones, and other devices.
  • Similarly, a well-articulated incident response plan that includes roles and responsibilities, escalation procedures, and communication protocols will ensure a swift response to a cyberattack.
  • Network segmentation, which involves dividing the network into smaller, more manageable segments, each restricting access only to business traffic, is yet another effective way to limit the damage caused by a cyberattack.
  • As is vulnerability management, which involves scanning systems and networks for vulnerabilities and applying patches and updates. This is not unlike your favourite app rolling out updates.
  • But perhaps the most rudimentary yet effective way to be cyber resilient is the good old practice of backing up data. Ensuring the backups are tested regularly will ensure quick restoration of services in the event of a cyberattack.

It is important to remember that while an organisation has to win every single time it goes up against a hacker, the hacker has to win just once. The reputational damage, legal hassles, and financial losses are all the eventual consequences of that one single hack. 

Today, every business is a technology business. As the world’s dependence on tech increases, so will cyberattacks. It is only logical that the importance of cyber resilience is set to increase.

And while an organisation may have cutting-edge cybersecurity today, assuming that it will always be ahead of the curve would be its hubris. Implementing best practices and incorporating them in an organisation’s BAU activities is the only way to survive and thrive.


Cyber Magazine is a BizClik brand 
