Bob Dylan wrote:
“… admit that the waters
Around you have grown
And accept it that soon
You’ll be drenched to the bone
If your time to you is worth savin’
Then you better start swimmin’ or you’ll sink like a stone
For the times they are a-changin’”
Written in a bygone era, Dylan’s fantastic lyrics capture a generation of change, revolution, and transformation. The same can be said about where we are in our cybersecurity evolution. The last year has required us to pivot, adjust, and transform. That is to evolve from cybersecurity to become more cyber resilient.
Now, more than ever, organizations are embracing the journey from protection and defend to be able to resist, to have the capacity to endure.
For doing that, strategy and tactics are of utmost importance. Strategy and tactics have a cause-effect relationship. One sets the long-term direction and overarching tone, while the other ensures that the entity is executing the right way at the right time. Strategize is, consequently, a fundamental step on how an organization is designing its future while focusing on its present.
In the cyber resiliency arena, strategizing means understanding where your digital assets are and where the information lives, where it travels back and forth (to the cloud from your applications, from the cloud to your devices, through the cloud as it moves on the networks). It is critical for success to have a plan that spans from identity management to access control, from monitoring the gateway and the in/out channels of the company to fortifying applications, from ensuring that the right policies are in place to certifying that data is tokenized and only at the reach of the right circles of trust.
Strategy must convert into action. It has to be aligned with the corporate goals, with fulfilling the organization objectives while protecting sensitive information, intellectual property, and critical assets. Dylan kept writing:
“Don’t stand in the doorway
Don’t block up the hall
For he that gets hurt
Will be he who has stalled
There’s a battle outside and it is ragin’
It’ll soon shake your windows and rattle your walls
For the times they are a-changin’”
And it reflects the need to execute, to get ready to evolve. For that, being aligned will not be enough. We believe that the era in which we are living requires another step: synchronization (a discipline where time is everything). Cyber security strategies need to be not just aligned (which means being in the same direction) but also synchronized, harmonized, at the same pace, at the same rhythm—like Dylan’s band onstage. Setting out metrics and indicators on the assets we want to protect, providing assurance that applications are bug-free, guaranteeing that data is encrypted on its way to consumption are all dimensions that belong to being in a good state, in the right shape for a company to resist, endure, survive—all being part of the resiliency discipline.
Cybercriminals will not stop trying. They are persistent, we admit that. But the question isn’t how persistent they are but how persistent we are, isn’t it? The real challenge here is to gather forces and set up the right mission and vision, purpose and promise. And in the cyber resiliency realm, that means taking a stand and resisting. They (re)invent new ways to access systems, to gain credential access, to execute the lateral movement, to exfiltrate data. But then you should have a plan, a strategy that understands your environment and proactively adjusts response strategies based on lessons from previous disruptions, events, and threats.
Enterprises have spent billions of dollars over the last two decades in traditional cyber security defenses (Identify, Protect, Detect, Respond, and Recover). But when faced with COVID-19 these same enterprises were unable to support enterprise resiliency and the ability to pivot to sustain business performance during the pandemic.
Cyber resiliency is a paradigm shift for enterprises to transform from a static to a dynamic cyber capability. It is imperative that organizations around the world are ready to embrace the taxonomy of a new epoch, an era of enduring. For that, adopting the right approach is instrumental for success: Anticipate, Withstand, Recover, and Evolve. That’s the language of cyber resiliency, and much as we like the four phases, we especially appreciate the fourth one: Evolve. This is about moving forward, going back to normal (or, at least, to a good state). Evolving also includes predicting, anticipating, and planning for potential threats, and identifying and monitoring the critical functions of the systems at risk.
Connecting the dots
We encourage you to define outcomes for your cyber resiliency strategy and, in our opinion, they have to answer questions such as “Will I be able to keep on with my business during or after an attack?,” “How ready is my company to endure after troubled digital times?,” “How many channels and environments am I protecting and what would happen if only one of them is breached?.” Strategy is usually designed for the next three, five, seven years of distance. Evolving is usually defined as the moment of now, the day after tomorrow. Combined with the rest of the disciplines of cybersecurity and cyber resiliency (Inspect, Detect, Protect, Defend, Observe), Strategize and Evolve are pillars for every company, every community, every society. Going back to normal, to the desired state after or during an attack should be a priority in these troubled, complex times we are living in. We have to pay attention since attacks will not stop.
The question is if we are taking care of that reality and acting in consequence. Cyber resiliency and its critical components of Strategize and Evolve are a never-ending task, a journey that is focused on safeguarding what matters most in a continuous loop. In fact, Bob Dylan wrote it better than we could ever do:
“Come writers and critics
Who prophesize with your pen
And keep your eyes wide
The change won’t come again
And don’t speak too soon
For the wheel’s still in spin
For the times they are a-changin”
Blog originally posted to: https://www.cio.com/article/3599159/the-times-they-are-a-changin-strategize-and-evolve.html
For a more in-depth conversation about how Aptus Business Solutions can support your digital transformation, get in touch or call 1300 998 594