In this video, Kip Boyle explores cyber resilience. Learn some of the key controls and policies that increase or decrease the effectiveness of an organization's information security program.
- [Narrator] Cyber Resilience. What is it? The Merriam-Webster Dictionary says resilience is the ability to become successful again after something bad happens. Why do we need to focus on resilience now? Well, online attackers are stealing more from us than ever before, so our ability to detect and respond to a cyber-attack is just as important as trying to block it in the first place. Over the past several years, the volume of data breaches has been increasing.
Worldwide, cyber crime already costs businesses 400 billion dollars a year, according to the British insurance company Lloyd's. The average cost of a large company data breach is now 4.8 million dollars. Juniper Research recently predicted that by 2019, the annual cost of data breaches will reach 2.1 trillion dollars globally. That's almost four times the cost of data breaches in 2015.
Why is this happening? Long gone are the days when our main online attacker was a technically talented but opportunistic teenager, or a group of online political protestors. They're both still with us, of course, but criminal attackers are more organized and better funded than ever, and they've learned that our security technologies are very good, so they've shifted their focus and are now attacking our people and processes. Consider a newer attack called the Business Email Compromise.
This online scam targets businesses working with foreign suppliers and organizations that regularly perform wire transfer payments. Here's how it works. Attackers impersonate a CEO over email, and then try to emotionally manipulate people into moving their company's money over to the criminal's offshore bank accounts. Using this one type of attack, cyber criminals have stolen over 3 billion dollars worldwide since 2013.
Now consider a newer and more sophisticated class of attackers, cyber warriors, whose goal is to steal secrets or fight covert cyber battles. Cyber warriors are funded by countries like the United States, Russia, and China. They have the expertise and resources to defeat even our best technological defenses. A favorite tactic of theirs is to discover what are called zero day exploits, and then create cyber weapons to take advantage of them.
Zero day exploits are serious, previously unknown flaws in software and devices that can be exploited by attackers until they are discovered and fixed by the manufacturer. Zero day exploits have been discovered in the most expensive network firewalls, from top vendors such as Cisco. Zero day exploits have also been used to compromise the freely available anonymous networking system called The Onion Router, or TOR. This class of attackers even severely damaged a uranium enrichment plant in Iran, which wasn't even directly connected to the internet when it was cyber attacked, and now some of these advanced cyber weapons are falling into private hands.
What does this mean for us? It means for the next 10 to 15 years, major cyber security breaches are inevitable for every organization connected to the internet. We need to be able to efficiently handle them and keep going, just like when a clever new competitor shows up or when we lose a major customer or funding source. So let's define cyber resilience as our ability to withstand and quickly recover from cyber attacks and other cyber-related incidents.
Now that we know why we need it, we'll include cyber resilience as a goal for our information security program.
- Goals and components of an information security program
- Measuring and managing information risks
- Reducing risks to an acceptable level
- Using a workflow to organize your work
- Communicating progress with executives and stakeholders
- Demonstrating compliance