When the year is over and we try to venture what will happen in the new one, a priori we think of more attacks from cybercriminals, ransomware and data breaches. To keep these things from happening, security companies are innovating and developing new ways to help organizations defend themselves against all these dangers that threaten them. However, companies should not spend all the resources allocated to prevention, they should also look at cyber-resilience.
What is cyber-resilience and how does it work
Even after we make a significant investment in traditional security features like firewalls and DLP, they are not going to guarantee that data breaches will continue to occur. Even when an attack occurs, companies must stay up and running even during the crisis. Cyber-resilience can be defined as the ability to resist, protect and defend the use of cyberspace from attackers.
In this sense, companies must be prepared to respond quickly to attacks. The objective is to ensure that the services they provide are not paralyzed, thus strengthening their capacities for identification, detection, prevention, containment, recovery, cooperation and continuous improvement, to face all types of threats. Here you have a framework with the cyber-resilience indicators in INCIBE organizations.
This framework for measuring indicators can be a good starting point to enrich our security scheme.
The importance of cyber-resilience by 2021
Today, we live in an age where we have become very dependent on cloud computing and technology. As a consequence, we have seen a significant increase in cybercrime. The shift we have experienced in this 202nd towards remote work and the use of the cloud during this time of pandemic has changed the way we work.
Thus, cyber-resilience has begun to gain prominence and its focus shifts from protecting borders to ensuring that business operations can be restored after a cyber attack. The objectives that are intended to be achieved here are to ensure that our network and data from IT systems are protected, and, furthermore, can be recovered in the event of a data breach.
Therefore, in 2021, it is expected that security providers will compete to offer us new tools and next-generation processes. With them, we will obtain an additional layer of defense to safeguard our companies by taking a step further. Thanks to encryption, key management and cyber-resilience frameworks, IT security teams will be able to address and manage issues more efficiently.
Our ultimate goal will be to protect our data, reduce or eliminate its loss and, also, comply with regulatory compliance requirements such as the GDPR regarding data protection.
Other security strategies for 2021
Cyber-resilience can be a good starting point, but we should not neglect other approaches or strategies that we can apply. Zero trust architectures need to be hardened . The shift towards remote work has shown home network environments typically less secure than corporate ones. This forces companies to think outside the box. It is no longer enough just to protect the company headquarters, it is also necessary to protect the place where we telework remotely.
In addition , sensitive computing will mature as more reliable TEE runtime technologies emerge . Thus, large IaaS providers such as AWS, Azure and Google Cloud are already developing TEE offerings as the last frontier of data protection. We must also adopt a new encryption technology , such as homomorphic encryption, which will be adopted earlier than planned to improve our security.
Finally, a separation must be made between lock and key . This is important because if an encryption key is lost, we could not recover the data in any way. IT teams will adopt the separation of encryption blocks (the encryption) and keys (digital keys) as a best practice for data security.