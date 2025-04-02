As we enter a new era of cybersecurity threats, which has prompted the evolution of new vulnerabilities, organizations are challenged on how to best respond to these evolving attacks. The threat landscape is more complex than ever causing organizations to grapple with new tactics to safeguard their critical data.

In 2024, ransomware surged rapidly in acceleration and sophistication, accounting for 23 percent of all intrusions in 2023 compared with 18 percent in 2022 according to Mandiant’s annual M-Trends report. Since the introduction of AI, the ability to automate its deployment can also be attributed to its exponential growth. Most notably, increasing its attack surface to target critical infrastructure, sensitive data, and operational capabilities.

To navigate these challenges, organizations must adopt a comprehensive approach to cyber resilience -- one that allows them not only to withstand attacks but also to recover swiftly and effectively. The longer a cyber threat remains undetected, the more time it can inflict damage which is known as the dwell time. Therefore, minimizing the dwell time can significantly reduce costs and damage to business operations, maintaining business continuity and customer services.

The core pillars of cyber resilience provide a robust framework for organizations looking to enhance their cybersecurity posture.

Offensive Security and Threat Intelligence

The first pillar of a strong cybersecurity strategy is Offensive Security which focuses on a proactive approach to tackling vulnerabilities.

Organizations must implement advanced monitoring systems that can provide real-time insights into network traffic, user behavior, and system vulnerabilities. By establishing a comprehensive overview through visibility assessments, organizations can identify anomalies and potential threats before they escalate into full-blown attacks. This proactive approach allows security teams to respond swiftly, minimizing the impact of any security incident.

Cyber Hygiene: Establishing Secure Habits and Practices

Cyber hygiene refers to the practices and habits that users and organizations adopt to maintain the security of their digital environments. Passwords are typically the first line of defense against unauthorized access to systems, data and accounts. Attackers often obtain credentials due to password reuse or users inadvertently downloading infected software on corporate devices. In 2023, 10 percent of intrusions began with evidence of stolen credentials, compared to 14 percent observed in 2022 according to Mandiant’s annual M-Trends report.

To combat these vulnerabilities, strong password management remains a critical component of cyber hygiene which is best achieved by implementing policies for strong, unique passwords combined with multi-factor authentication (MFA). It is equally beneficial to enforce strict access controls to ensure that only authorized personnel can access sensitive data and systems, and thereby reduce the risk of insider threats. Finally, regularly updating software and systems is crucial for protecting against known vulnerabilities. Outdated software can serve as an easy target to enter for attackers.

These habits will help to reduce the likelihood of cyberattacks like brute force attacks, stolen credentials, and phishing attempts. Key elements of cyber hygiene also include fostering cybersecurity awareness through user education and training employees to recognize phishing attempts, social engineering tactics, and other threats to reduce the risk of successful attacks. Examples of training methods include phishing simulations, cyber awareness campaigns, and safe internet browsing demonstrations.

Data Protection: Safeguarding the Most Valuable Asset

Data is often regarded as the most valuable asset for any organization. Effective data protection measures help organizations maintain the integrity and confidentiality of their information, even in the face of cyber threats.

This includes implementing encryption for sensitive data, employing access controls to restrict unauthorized access, and deploying data loss prevention (DLP) solutions. Regular backups -- both on-site and in the cloud -- are critical for ensuring that data can be restored quickly in case of a breach or ransomware attack.

Incident Response: Minimizing Damage in the Event of an Attack

Even with the best preventive measures in place, security incidents are inevitable. Preparation is key meaning that organizations must have a well-defined incident response plan that includes a dedicated crisis management team and clear protocols for addressing different types of incidents.

Identifying and containing an incident quickly can prevent the spread of further damage from incidents involving malware, data breaches or unauthorized access, significantly lowering the dwell time and restoring business operations without delay. Conducting a post-incident review to analyze what went wrong and how to improve future responses will help strengthen overall resilience.

Incident Recovery

Specific incident recovery plans and procedures must be tailored to the recovery of data during a cyber breach due to the nature of the attack. Typically, threat actors will corrupt an organization’s data and systems. Therefore, it is imperative that backups are not only immutable but are also recovered and analyzed first in an isolated environment, known as a clean room, to avoid the recovery of infected data and systems.

This increases the guarantee of recovery after experiencing a breach, as the data is no longer susceptible to the same risks as other data in the live production environment. Clean rooms play a critical role in conducting forensic analysis, by validating the data's integrity and usability to ensure the systems are free from any malware before recovery.

Compliance and Governance

Adhering to regulatory requirements and governance frameworks is vital for maintaining cyber resilience. This includes regulations such as GDPR, HIPAA, NIS2 and DORA. Integrating compliance into the organization’s security strategy not only helps avoid legal penalties but also enhances overall security. By implementing necessary controls and procedures, organizations can demonstrate their commitment to protecting sensitive data and maintaining operational integrity.

Continuous Improvement

The cyber landscape is constantly evolving, which necessitates a mindset of continuous improvement to remain agile and capable of responding to the dynamic nature of cyber threats.

Learning from past incidents, staying on top of industry best practices, and adapting to new threats are essential for maintaining an effective cybersecurity posture. Organizations must regularly review and update their cyber resilience strategies and policies.

Investing in cyber resilience is not just a necessity -- it’s a strategic imperative. Organizations that embrace these pillars safeguard their assets, secure long-term success and earn lasting trust from customers and stakeholders in today’s complex threat landscape.

Image Credit: slickspics/depositphotos

Sam Woodcock is Director of Cloud Strategy and Enablement at 11:11 Systems.