Cyber resilience is more than just a software problem
Investing in software for cybersecurity purposes as a one-off is no longer enough to ensure a resilient defence strategy due the ever-increasing volume and complexities of threats. Building a resilient cyber posture goes beyond a simple software quality issue, it requires a concerted effort across the board, from policy to prevention to recovery.
As the government continues to react to the growing and ever-changing threat, introducing the National Protection Security Authority (NPSA) as part of its March 2023 Integration Review, which included key principles from The National Cyber Force (NCF), businesses must lean on the advice outlined to advance their overall cyber posture.
The NCF acknowledged that cyber operations are unlikely to be decisive on their own and should be integrated into a broader response strategy, highlighting a key point that cyber resilience requires a layered approach. While security systems and software that organisations invest in play a key role, achieving cyber resiliency requires having the right tools from both a prevention and recovery perspective.
Cyber criminals set out to cause havoc and their job is to find new entry points to exploit important information, causing detrimental effects that we have all seen happen too often.
A universal approach is needed, and it is imperative that shared action and accountability is taken to fully protect an organisation’s, and their customer’s, data against on-going cyber threats.
A universal approach
When a cyber-attack happens, it is all too easy to blame the vendor for missing a vulnerability in the system. However, many other factors can come into play - meaning focus should be shifted away from simply vendor inadequacy and towards an approach that incorporates all members of this ecosystem, working together to collectively close the resilience gap.
Shared accountability and goals must be the priority, which means customers need to maintain compliance and vendors need to manage complexity and resiliency.
Of course, this is not a straight forward and easy task when you consider external factors such as the number of applications per device, software that needs constant updating, a prevailing skills gap and a work-from-anywhere world that see devices sprawled out around the nation to an extent that has not been seen before, diminishing the control that once existed when devices all logged on from the same building.
There are many mitigating circumstances that must be considered when fighting against the cyber criminals who are being forced to increase the sophistication of their attempts, which is why a team effort across the board will solidify a strong cyber posture and help to deal with the issues of complexity when addressing this issue.
The problem of complexity
A key driver in complexity when it comes to addressing these prevailing cyber threats is that, despite seeing a multitude of security applications on devices, there is a lot of fragmentation created with multiple versions and combinations of apps on the multitude of devices.
Often, application health can deteriorate rapidly if updates are not kept on top of and this poses a threat to the endpoint. Research from Absolute monitored six apps and found they were only working effectively on less than 80 per cent of devices, in most cases and in some as low as 35 per cent, highlighting the vulnerability created when application health is not maintained.
Additionally, we live in a time where a technological skills gap still exists and is hitting businesses hard as they lack the necessary skill sets they desperately desire. This is no different for the cyber industry, meaning skills are not always available to track device health and push updates where necessary.
Combined with the fact devices are more dispersed than ever before, with devices containing a large number of applications including those embedded by an organisation, as well as those downloaded by the end user, the job of managing and controlling devices and application is increasingly difficult.
Organisations implement security software with the intention of protecting these devices and their applications, however, it is often made up of a combination of software to create a secure and effective security posture, including Unified Endpoint Management (UEM), Virtual Private Networks (VPN), Endpoint Detection and Response (EDR), and Zero Trust Network Access (ZTNA).
Even those organisations that take their approach to cyber protection seriously are not immune to application failure or diminishing health and they can often be fooled into thinking the implementation of controls and various software are enough, ignoring the need for continuous monitoring and updating.
Resiliency despite complexity
Due to the complex and ever-changing nature that surrounds cyber security, zero risk will almost certainly never be achievable. However, risk can be reduced, and this is where innovative technologies, such as self-healing technology, come into play which can be incorporated to provide visibility and insights across all endpoints.
In achieving complete visibility and control, organisations gain the ability to track devices and the applications installed on those devices, monitoring for when applications go out of date and assessing the risk this exposes a device to. Self-healing technologies can then take over and push updates without the need for any human interaction.
No additional team members are needed, no new skill required, and organisation can allow individuals to enjoy the luxury of working from anywhere, without the increased pressure of keeping devices secure.
Cyber security is not a one size fits all problem to address, but instead an issue that requires a collective effort and the incorporation of new technologies, which when implemented can allow organisations to function without the worry of cyber criminals disrupting their operations.