The who, what and how of boosting your cyber resilience

With threat actors engineering increasingly sophisticated tactics, a cyberattack isn’t a matter of if but when. Cybersecurity-focused organizations recognize this and prioritize cyber resilience and cyber recovery. Do you?

Cyber resilience involves preparing for, responding to and recovering from cybersecurity attacks. Cyber recovery is a component of cyber resilience that focuses on limiting the impact of a cyberattack by helping you recover your important data afterward. While facilities can use security cameras to catch people breaking into their building, online organizations must use cyber resilience tactics to catch unauthorized people entering their IT environment.

But do they put the same energy into cyber resilience? Adopting strategies to tighten your cybersecurity can help you prevent attacks from occurring. But what happens when the inevitable occurs and you’re too late for prevention? That’s where cyber resilience comes into play. Consider adopting strategies, starting with the who, what and how of cyber resilience to ward against the inevitable.

Who: Your entire workforce is responsible for cybersecurity

Most organizations recognize that ransomware is a major threat. In fact, 78% believe a cybersecurity breach will likely occur in their organization, according to Unisys’ “From Barriers to Breakthroughs: Unlocking Growth Opportunities With Cloud-Enabled Innovation” report. The most security-conscious ones know that, rather than being the sole responsibility of their security teams, cybersecurity is a responsibility shared by everyone in the organization.

Cyber resilience is an enterprise issue, requiring organizational alignment and top-level support. It also takes a balanced, continuous program of embedding resilience thinking into workplace, the cloud, apps and data strategies. Among other things, this means prioritizing a culture of security and preventing one of the biggest risks – human error.

Preventing human error is critical because attackers are targeting employees. A common phishing scam is to send an employee an email or text that looks like it’s from their boss and asks for money. The scammer may masquerade as the boss and say they’ve lost their laptop and need funds to pay a vendor for a replacement. Worried about angering their boss, an employee could fall prey to this type of social engineering scam.

Another tactic is for a scammer to pose as an employee’s boss or HR representative and request that they click on a link. Scammers are becoming more creative with these links, but they will often say they contain important information such as healthcare benefits and, ironically enough, cybersecurity measures. Clicking on the link could download rogue software and ultimately compromise the company’s entire environment. Attackers are even using AI to better understand the types of links their targets are most likely to click so they can tailor their phishing emails.

Security awareness training for employees is one of the five steps to deliver a deadly counterpunch to ransomware. Employees are your first line of defense. Decrease risk by educating employees on indicators that an email isn’t from a legitimate source. Caution them to be careful about opening or responding to emails, regardless of who the apparent sender is, and to contact the supposed sender in a separate email to double-check any questionable emails or texts.

What: Cyber recovery vault to restore data quickly

Bad actors are stepping up their game, running it as a business. Weaponized bots are a major cause of cyberattacks and feed an industry that prioritizes credential theft. Attack execution specialists and extortion specialists target operational systems as well as users and backup data, and focus on the most sensitive data exfiltrated.

Like a bank vault to lock away money, jewelry and other precious items from thieves, a cyber recovery vault can store your critical backup data. This digital vault keeps your data isolated and protected in the event of a cyberattack or data breach, and therefore is a critical element of a successful cyber resilience strategy. Organizations often employ three strategies to rapidly restore data using a cyber recovery vault.

Resilience requires threat detection and constant monitoring, but no combination of solutions is 100% effective. A cyber recovery vault can help you preserve your data from attacks. Organizations should embed architecture resilience review across their IT service management programs. And you should embrace a tailored, risk-based approach based on service criticality, architectural setup and the data involved. Consider deploying data loss prevention and data analytics capabilities to help analyze the extent of the stolen data to guide your response strategies.

The cyber resiliency steps for a cyber vault include:

• Identify the applications in your organization that are absolutely critical to the delivery of your services. Don’t forget to include identity management platforms that support those applications. Determine workarounds for less critical applications.
• Define a vault that leverages your existing backup platform and has the additional protections of air-gapped and immutable storage, and analytic software to detect signs of encryption or data destruction.
• Access your vault from wherever is convenient. Vaults can be located on-premises, adjacent to the cloud or in the cloud. Cloud-adjacent vaults can provide value for multi-cloud deployments and can have cost savings over cloud-based vaults. Cloud-adjacent vaults offer quick access to data that is on-prem and with any of the cloud providers, but are more customized and secure than traditional public clouds.
• Gain the capability to rehearse deployments of the secured data and applications into a secure test environment, called a clean room.
• Restore the data and applications in a secure place, isolated from production and safe from attacks. This process speeds recovery and limits downtime after an incident.

With a cybersecurity workflow automation tool, like the Unisys Cyber Recovery Orchestrator, your vault can quickly recover data back into production after a compromise. Use this orchestrator tool, which was launched in 2023, to catalog and prioritize backups for restoration. For an application, this means automatically restoring the programs, file systems and databases associated with it.

Since launching the orchestrator, Unisys has continued to innovate new functionality, including accommodating a wider range of IT assets, like cloud-based assets and database backups.

How: Managed services to augment cybersecurity teams

The cybersecurity talent shortage is an industry-wide challenge as organizations struggle to hire qualified people. Complicating matters is the ever-shifting nature of threats, requiring that defenders master cybersecurity basics and continuously evolve their techniques as new threats and regulations emerge. Even if organizations manage to hire cybersecurity experts, those employees may not have sufficient time to stay up to date on new cyber threats and the latest cybersecurity best practices.

As a result of these challenges, some organizations augment their cybersecurity teams with external experts through managed services solutions. These experts can come up with ideas the organization may not have thought of, help you choose a cybersecurity platform and act as another set of eyes to detect issues. Look for a managed services provider that helps you:

• Strategize your approach and set up any new tools or technologies.
• Gain 24x7 monitoring and updates for increased visibility.
• Prevent or block ransomware and other threats.
• Minimize the impact of cyberattacks.
• Restore or recover data from a secure vault.

Increase your cyber resilience with Unisys

Organizations are seeking strategies to increase their cyber resilience and their capability to recover from cybersecurity attacks. These strategies include augmenting their security teams with managed services, storing their data in a secure vault for fast retrieval and encouraging every employee to prioritize online safety. To get four more cyber resilience strategies, download the “A new urgency for cyber resilience” eBook.

Interested in learning more and attending Dell Technologies World May 20-23, 2024, in Las Vegas?

Reach out to Paige at paige.seabridge@unisys.com to schedule a meeting with Unisys at the conference and explore how Unisys and Dell Technologies work together on innovative solutions. Be sure to catch our Dell Technologies World session “Activate your digital destiny: Navigating tomorrow’s resilient digital workplace” from 3 to 4 PM PST on Wednesday, May 22 for expert insights on future of work solutions and cyber resilience and recovery.

Reach out for details on how the Unisys Cyber Recovery solution, powered by Dell Technologies, and other cybersecurity solutions from Unisys can strengthen your organization’s environment.