Put cyber resilienceinto action

Go from responding to incidents to stopping intrusions that disrupt operations.

Why leading teams are embracing cyber resilience

Cyber resilience is an organization's ability to anticipate, respond to, and recover from cyber attacks while continuing to operate effectively.

Financial impact

Cyber resilience reduces financial burden of a breach by decreasing the likelihood and impact of attacks.

Reputation and trust

Organizations that demonstrate strong cyber resilience earn the trust of their customers, partners, and stakeholders. 

Regulatory compliance

Cyber resilience is closely tied to regulatory compliance requirements.

Competitive advantage

Customers, investors, and partners choose organizations that demonstrate the ability to withstand cyber attacks. 

The five step process for cyber resilience

While there are many variations – like Gartner’s ® Continuous Threat and Exposure Management (CTEM) and NIST’s Five Pillars – there is alignment in approaches around core risk management concepts.

  1. Focus

    • Set a narrow and actionable focus for this iteration of the cyber resilience process. 
    • The process can be scoped on an attack surface (ie., external-facing assets, cloud assets), by threat vector (ie., lookalike domains, insecure emails), or by business application (ie., brand abuse, executive impersonation). 
    • Stay focused and avoid the temptation to try to do everything.
  2. Action plan

    • Begin with the end in mind. 
    • Set forth an action plan for when you find security issues related to your focus. 
    • Scenario plan, gain organizational alignment on resources and timeline.
    • Use if/then statements like “if we find certificates that are expired we will renew them within 24 hours.”
  3. Verify

    • Confirm the risk or threat is truly exploitable through red teaming, penetration testing or other validation methods. 85 percent of security issues in backlogs cannot be exploited.
    • Validate the time investment for remediation
  4. Prioritize

    • Risks that are in scope and have been validated as truly exploitable should be prioritized based on business impact, likelihood of exploit and severity.
    • Leverage information from automated tooling and organizational expertise to build a prioritized inventory of items to be remediated.
  5. Remediate

    • Focus on the business impact, not the number of issues fixed.
    • Use automated fixes like patches and upgrades in addition to manual remediations for non-patchable exposures.
    • Communicate effectively about the impact of the fixes through non-technical language.

More cyber resilience resources