The Oxford Dictionary defines resilience as “the capacity to recover quickly from difficulties; toughness.” That definition should speak volumes to you if you’re an IT pro, given that you’re likely responsible for making sure your organization can recover quickly from a data disaster like ransomware or any other cybersecurity breach. Resilience is a two-part equation. The first part is toughening your organization’s cyber defenses as much as possible. The second part is to make sure you can spring back if disaster strikes. And more than likely, it will strike. The Q3 update to the SonicWall Cyber Threat Report offers up some heart-stopping numbers:
- Global ransomware attacks surged 148 percent in 2021
- Ransomware attacks were projected to total 714 million in 2021
- Ransomware attempts through Q3 rose to 1,748 per customer!
The pressure is on to make your organization ever more resilient. Here are some tips and resources to help you get there.
Start With a Cyber Resilience Review
The Cybersecurity and Infrastructure Security Agency (CISA) offers several valuable resources for conducting a Cyber Resilience Review (CRR). This no-cost, voluntary, non-technical assessment, which you can conduct yourself or have facilitated onsite by Department of Homeland Security (DHS) cybersecurity pros, measures your current organizational resilience and provides a gap analysis for improvements based on best practices. The CRR assesses your enterprise’s programs and practices across 10 domains:
- Asset management
- Controls management
- Configuration and change management
- Vulnerability management
- Incident management
- Service continuity management
- Risk management
- External dependency management
- Training and awareness
- Situational awareness
The result of the review process is a CRR final report that documents your organization's current status and offers relevant options for improvements based on best practices. The report also maps your organization’s relative maturity in resilience processes in each of the 10 domains listed above.
Cybersecurity Resources for Business
CISA has put your tax dollars to work, building a deep repository of cybersecurity resources for businesses. Here, CISA breaks down its resources into the five Cybersecurity Framework Function Areas from the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce. The five functions of the Framework Core are:
The NIST website provides detailed descriptions for each of these functions, noting that these five primary pillars form the foundation for a successful and holistic cybersecurity program. CISA offers resources specifically for small and midsize businesses (SMBs), including a Cyber Essentials guide for small businesses and local government agencies to help kickstart implementing improved cybersecurity practices. The CISA site also includes links to a Cybersecurity Resources Road Map to help you put cybersecurity best practices in place and deploy the resources you need.
Ransomware Resources and Alerts
CISA offers more ways for your organization to become more resilient with its StopRansomware.gov website. The site includes resources, guides, and services to support your efforts. These services include free scanning and testing and the Cyber Security Evaluation Tool (CSET), a standalone desktop application that guides you through a systematic process of evaluating operational technology (OT) and information technology (IT). CSET was updated last year to include a Ransomware Readiness Assessment (RRA), a self-assessment based on a tiered set of practices to help you understand your current defense posture and ability to recover from a ransomware attack. You can also stay aware of the latest alerts from CISA, the FBI, and the Department of Treasury on the site.
Cybersecurity Awareness Tools
Another excellent resource for increasing cybersecurity awareness in your organization is the CISA Cybersecurity Awareness Program Toolkit. Here you’ll find materials ranging from social media cybersecurity tips to how to report a cybersecurity complaint.
Ensuring Business Continuity
In a recent post, we shared five tips for a critical component of resilience: closing gaps in your business continuity plan. The post covers five areas to focus your efforts: data and technology; internal communication; communication channels; essential personnel; and equipment and hardware. Arcserve UDP Cloud Direct is worth including in any conversation around resilience, data backup, and disaster recovery. This direct-to-cloud backup and disaster recovery as a service (BaaS/DRaaS) gives you comprehensive data protection with consumer-grade usability and without any hardware required on-premises.
Contact us to talk to an Arcserve data protection expert to learn more about your options for improving your organization’s resilience.