Understanding the Risk Relationship Between Technologies, Individuals and Organizations is Resiliency's Key Success Factor -- Emilio Griman, IBM Resiliency Services.
Failure to understand how cyber-perpetrators target individuals and organizations in an integrated manner represents one of the biggest threats facing businesses around the world. As a result, it will be increasingly important for leaders to develop strong competencies around the concept of "cyber resilience." So says Emilio Griman, Director of Center of Competency, IBM Resiliency Services, in a thought leadership interview with BizTechReports. Here is what Griman had to say:
Q: First of all, I want to thank you Emilio for taking the time to chat. Can we start by defining what we specifically mean by "cyber resilience"?
A: Cyber resilience is the ability of an organization to maintain its core purpose and integrity during and after a cyber-attack. Cyber resilience needs an end-to-end approach that brings together critical areas to ensure organizations continue to function during cyber-attacks and cyber outages. It combines the best practices from IT Security, Business Continuity, and other disciplines to create a business strategy more in line with the needs and goals of today’s digital business.
Q: How have you considered cyber in your business continuity and recovery plans?
A: Cyber is the fastest growing risk that could impact the continuous operations of an organization. Traditionally, business continuity and IT recovery plans address the most common risks, like power outages, hardware (servers, storage, networks), software failures, weather related events (hurricanes, floods, earthquakes) or human errors. If an event were to impact the business, most IT recovery plans would use the latest set of backup files to recover. If the event causing the outage or impact is due to cyber, how do you know that your backup files are not corrupted?
A 2019 Ponemon study, commissioned by IBM, found that hackers, on average, are in your IT environment nearly 200 days before you notice or find them, or when they notify you that they’ve taken control of your data. Cyber is changing how recovery must be looked at. Cyber is not just a security issue, it’s a serious risk and a business issue. Every business needs to incorporate recovering from a cyber-attack in their business continuity and IT recovery plans.
The NIST (National Institute of Standards and Technology, part of the U.S. Department of Commerce) framework is a risk-based approach to managing cybersecurity risk and is composed of five concurrent and continuous functions. These include:
Identify;
Protect;
Detect;
Respond; and
Recover
When considered together, these functions provide a high-level, strategic view of the life cycle of an organization’s management of cybersecurity risk. The NIST Framework is a U.S.-based guideline, but has been adopted globally.
We also cannot forget about the emotions that employees are going through during this crisis, or any crisis. People are the most important asset to every organization, and their needs must be properly addressed in business continuity plans. This includes:
Training your employees on the importance of protecting the business from cyber-attacks;
Protecting themselves against cyber-attacks; and
Helping them understand that protecting themselves and the business are equally important.
When cyber-attacks take place, and if information for the end-users is compromised in any way, employees need to be aware of what to look out for and what actions they should take if they suspect any level of cyber activity.
Q: How have you seen the threat landscape evolve as the COVID-19 crisis has unfolded?
A: As in every crisis event, there has also been a significant increase in cyber activity during the COVID-19 crisis. Hackers know this is when businesses and individuals are the most vulnerable. During a crisis event, we all have so many things on our plate that are taking up our time and resources, and typically we forget how hackers may impact us in a negative way. What makes businesses and individuals more vulnerable during COVID-19 is the rapid and unplanned transition to work from home.
According to the 2019 National Compensation Survey (NCS) from the federal Bureau of Labor Statistics, only 7% of civilian workers in the United States have access to a “flexible workplace” benefit, or telework. Many businesses never expected this new, larger amount of their workforce to be working from home and, as a result, did not have the right safety or security procedures and technology in place to allow employees to securely access the business’ infrastructure.
There have been many cases where employees are using their personal computers with down-level software or operating systems, making them more vulnerable to cyber-attacks when accessing their business infrastructure. This puts both the end-user and their employer’s business at risk.
Q: Have you seen enterprise exposure to risk rise to higher levels compared to the pre-crisis environment?
A: Absolutely. There has been a lot documented about the increase in cyber activity during COVID-19, with many events where the hackers have been successful. In line with recurring trends, I personally have seen many clients and businesses elevate their level of security alertness because of the increased cyber activities.
Q: How has this altered perspectives on resilience and continuity plans across the enterprise?
A: I have seen many of our IBM clients address their business continuity plans, but the majority of them still need to enhance their IT recovery plans to address cyber-attacks. I have also seen many of our larger enterprise clients take steps to protect and secure the gateway into their IT infrastructure. Overall, our business has seen an increase in interest in IBM’s Resiliency Consulting and Resiliency Orchestration/Cyber Incident Recovery capabilities to help improve customers’ levels of maturity for cyber recovery.
Q: What are the keys to optimizing cyber resilience as we move toward a post COVID-19 era?
A: Now is the right time to assess your resiliency posture on what worked, where you need to make improvements, and how to best move forward. Leaders need to talk to their employees at all levels, client partners, and supply partners, and ask them for their feedback and what they observed of your business from their point of view. Many organizations are not sure how to get started, and this is where IBM’s Resiliency Advisory Services can come in and support. For potential customers, this can help drive the assessment and provide a roadmap for improvement in their resiliency maturity. This is also a good time for leaders to re-evaluate their overall business and IT strategy. With the changes in the marketplace due to COVID-19, leaders need to ask themselves if their core strategies need to change. Be prepared to evaluate and fine-tune so you can emerge from this crisis stronger and focused on meeting the market’s needs. Resiliency must be part of this overall analysis and response.