
When will you be hacked? The Need for Cyber Resilience Skills.

Joey van Kuilenburg


Cyber attackers are always one step ahead of the rest of the world: they have practically unlimited means, lots of sponsorships, the ability to remain undetected during and even after causing a catastrophic disaster, and a well-coordinated network of sophisticated hackers and specialists. It is therefore in the interest of organizations and cloud service providers to constantly strengthen their risk management system and cyber resilience posture, or else they will soon fall victim to the well-known adage: “When, and not IF, they will be hacked.”

One of the general characteristics of cloud computing is “Resilience”. Resilience, in general, means the ability to recover from an incident or change, or to adjust easily to it.

Cyber Security vs Cyber Resilience

Cyber security and cyber resilience focus on two different dimensions. Where cyber security takes a reactive approach, protecting critical assets and valuable information from potential threats, cyber resilience additionally adopts a proactive approach, preventing and detecting threats while also responding to and recovering quickly from any resulting incidents. This minimizes the impact in terms of service disruptions, financial losses, recovery times and possible reputation damage.

A serious limitation of traditional security methods in combating sophisticated cyber attacks in general, as well as the dramatic rise of these attacks in recent years, has forced many organizations to reconsider their strategy for securing their overall environments. The need of the hour, undoubtedly, is to adopt and strengthen cyber resilience and not cyber security.

Cloud Services and Cyber Resilience

An example of cyber resilience is when cloud service providers implement a Disaster Recovery (DR) plan wherein a primary site fails over to a secondary site, thereby maintaining high availability and business continuity. Having at least two of a kind (two virtual servers or two load balancers instead of one) prevents a single point of failure and is another example of implementing cyber resilience.

Cloud service providers particularly need to focus on cyber resilience, as their data centers worldwide host valuable information about multiple customers, which is the cloud characteristic of multi-tenancy. Proper segregation and isolation of customers’ resources as well as their data is highly important and necessary. Organizations that make use of private, community or hybrid cloud deployment models also need to properly plan and adopt cyber resilience.

Risks

Today, the highest risks are posed by insider threats (people), followed by poor processes, technology architecture, designs and coding practices. Add to this the rise of social engineering, mobile devices and the Internet of Things (IoT), which combine to provide more surface area for attacks and exploitation by cyber criminals. Virtualization, the backbone of cloud computing, is also prone to an emerging set of hypervisor viruses that are specific to this technology. All in all, as technology advances and life tends to become relatively easier, the security aspects become more and more challenging.

An organization or a third-party service provider today has to equally strengthen all its entities (assets, ports, networks, storage, identity access, policies, procedures, etc.), whereas the attacker just needs to scan for one flaw in any of the above to penetrate and disrupt an entire range of services for as long as possible. In addition, the attacker also has the ability to lie dormant within an organization’s system for a while, without being noticed, and then strike at an opportune moment with the exfiltration of confidential and critical information. Such attacks, commonly known as Advanced Persistent Threats (APTs), and the so-called zero-day attacks cannot be handled by traditional firewalls and other security measures.

Building Cloud Resilience

In view of the above observations and findings, how does one go about adopting the right posture of cyber resilience for cloud services or for an organization in general?

Organizations can start evaluating several frameworks and standards for preparing themselves to attain their own level of cyber resilience. Some of the currently available frameworks and standards include:

Though the above frameworks and standards offer lots of information and guidance on cyber security / resilience, each organization (including cloud service providers) should further tailor these practices to suit their own risk appetite and risk acceptance criteria.

Last, but definitely not least, it is of critical importance to continuously train IT professionals on cyber resilience and security so that they have a fighting chance against cyber attacks.

Sudhakar Nagasampagi

Sudhakar Nagasampagi is a 25+ year IT professional, accredited master trainer, international speaker, trainer, course author, blogger, etc. He is an active Project Management Professional (PMP) and holds the ITIL 2011 foundation certification. He currently provides training in the areas of cloud computing and virtualization, in which he maintains numerous certifications. He also provides training in IT security and cloud security. He is the lead author and master trainer for the Cloud Credential Council (CCC) Cloud Technology Associate (CTA) course.

About the Author

Joey is a marketer who prefers to put in a bit of extra work to make an “ok” product or experience an amazing product or experience.
