Cyber Resilience & Security-by-Design: The New Approach to Cybersecurity Post-COVID-19

Cloud
Digital Transformation
August 13th , 2020
Posted By:
Vijay Prakash

Cybersecurity has long been a well-funded and highly prioritized function at most organizations, charged with protecting enterprise systems against cyber threats. In recent years, however, the incidence of cyber-attacks and their impact on businesses have increased significantly. The danger of a breach is now so persistent that it is no longer a question of 'if' but 'when'.


According to a recent Forbes Insights survey conducted in collaboration with IBM, more than 50% of surveyed organizations experienced at least one cyber incident in the past three years. The same study reports that 13% of organizations lost data or faced downtime because of their cloud-service provider, and that around 58% of those cases were security breaches.


While organizations across the world strive to sustain business continuity during COVID-19, cyber criminals are trying to capitalize on the crisis. Since the outbreak began there has been a spike in ransomware and phishing attacks.


Attackers now impersonate high-value brands, using COVID-19 as the lure. Not only businesses but also individual end users are being duped into downloading ransomware disguised as a legitimate application.
 

In its Q1 2020 Top-Clicked Phishing Report, the security firm KnowBe4 revealed that COVID-19-themed phishing emails grew by 600% during the quarter. According to the report, 45% of all phishing attacks asked users to click a link or type their password into a malicious domain. Apart from social-media-style messages about new login alerts and password resets, another common theme of email subject lines was HR-related messages about the coronavirus and working from home.


The switch to remote working mandated by the pandemic has also exposed the vulnerability of virtual private network (VPN) servers run by organizations and educational institutions. Enterprises have been caught off guard: denial-of-service (DoS) attacks against these servers have become commonplace, and exploited VPN flaws have left users' sensitive information exposed on the internet. These are two distinct failures, since a DoS attack denies access but does not by itself leak data; a VPN appliance therefore needs both prompt patching and capacity planning.


The cost of a data breach can be enormous, and that is before counting the collateral damage: business disruption, harm to reputation, and regulatory action. According to the Ponemon Institute's 2019 Cost of a Data Breach study, the average cost of a data breach is $3.92 million.

How Are Cyber Resilience and Cybersecurity Interconnected?
 

Beyond the familiar connotations of the word 'cyber', cyber resilience is an umbrella term that encompasses cybersecurity. Cybersecurity on its own is the discipline of preventing attackers from penetrating IT systems. Although cybersecurity best practices avert the majority of attacks, there is no guarantee that a breach will not occur. That is where cyber resilience comes into play.

Cybersecurity is the first line of defence and takes the 'keep them out' approach; cyber resilience has a much broader scope, covering how an organization responds once it is subjected to a cyber-attack. A cyber-resilient organization is one that can withstand the business disruption caused by an attack and recover quickly.

The US National Institute of Standards and Technology (NIST) Cybersecurity Framework, an internationally recognized framework describing the approach, activities, and outcomes of a cybersecurity programme, organizes this work into five core functions: Identify, Protect, Detect, Respond, and Recover. Prevention-focused cybersecurity lives mostly in Identify and Protect; cyber resilience spans all five, including Detect, Respond, and Recover. Another critical aspect of cyber resilience is supporting business continuity management by identifying the external and internal threats that could impact business operations.

Cyber resilience means thinking long-term: building a resilient system so that business operations continue despite a cyber-attack. It takes a 'bend, but don't break' approach by bringing together the disciplines of business continuity, cybersecurity, and enterprise resilience. It does not rely on prevention alone, but it does leverage cybersecurity to protect IT systems against cyber-crime.

Why Building Cyber Resilience Matters

The term 'cyber resilience' was coined out of the realistic view that, no matter how robust an organization's defences, some attack is still likely to succeed. The UK government's Cyber Security Breaches Survey (April 2019) found that 60% of medium-sized businesses and 61% of large businesses had identified at least one cyber breach or attack in the previous 12 months.

When the IT ecosystem expands beyond the four walls of an organization, it is bound to expose certain gray areas, the most vexing and persistent blind spots being shadow IT, and the dependence on cloud-service providers. In an organization, shadow IT includes non-sanctioned devices, software, and applications. Since you can’t protect what you can’t see, shadow IT is perceived as a prominent cybersecurity threat. 

In the post-COVID-19 world, increased cloud adoption has raised security risk for organizations that are blindsided by technology outside their direct control, such as a subscription to a cloud-hosted software service. Most modern businesses rely on their service providers to manage security in the cloud. But what happens if the wrong parameters are set and your company's cloud-based data is left wide open? Bear the shared-responsibility model in mind here: the provider secures the underlying platform, while the customer remains responsible for how it configures its own storage, identities, and network exposure, so a publicly readable storage bucket is usually the customer's misconfiguration rather than the provider's.

According to the report based on a Forbes Insights and IBM survey, over 65% of organizations depend on their cloud-service provider for security, recovery, and continuity. However, only 45% of the surveyed executives are confident that their cloud-service provider can meet service-level-agreements (SLAs) during cyber events.
   
Many businesses rely on insuring their IT systems and assets against cyber-crime, but have learned the hard way that insurance is no substitute for a robust cyber resilience posture. The bottom line is that cyber risks are long-tail and hence hard for insurers to underwrite. Building orchestrated resilience remains the only viable way to minimize the impact of an attack by recovering quickly.

A cyber-resilient business can continue to operate even while facing the most sophisticated cyber-attacks. Building cyber resilience enables organizations to embrace disruptions safely and strengthen customer trust. Rather than assuming that their cybersecurity measures would hold, it is more effective for businesses to accept that the worst might happen at some point and build the capability to respond. 
 

Security-by-Design – the New Approach to Cybersecurity
 

Security-by-Design (SbD) is a pragmatic, proactive, and strategic approach to cybersecurity that builds trust into every stage of a new digital initiative. Like cyber resilience, Security-by-Design is about enabling trust in an organization's systems, designs, and data so that it can lead transformational change, take on more risk, and innovate with confidence. The rising ubiquity of technologies such as the Internet of Things (IoT) and Artificial Intelligence (AI) makes a compelling case for adopting it.

The 3 Pillars of the Security-by-Design Approach

  • Checkpoints – Checkpoints are defined points in time during the Software Development Life Cycle (SDLC). Each checkpoint makes an overall assessment of the system's security and decides the future course of action: how cyber resilient the system is, and whether it is business-worthy to proceed or the project should be called off. Checkpoints can be internal or external validations.

  • Activities – Security-related activities that ensure the security of the system. These are operational, technical tasks carried out in parallel with regular software development work so that the system is resilient and withstands the checkpoint evaluations. The activities underpin the security process and define its expected outputs.

  • Plan – The timeline of the activities above, kept in sync with the software development process, so that projects are guided to meet Security-by-Design objectives.


Thus, the Security-by-Design approach introduces security early in the development process rather than enforcing security policies reactively and always lagging behind. Systems and software are made secure as part of architecture planning from inception. Security specifications are coded into infrastructure templates, so the desired configuration is in place every time the template is deployed and does not depend on an operator remembering it. Routine deployments from an unchanged, already-assessed template need no fresh security audit; an in-depth security assessment is warranted whenever the templates change substantially, and an automated policy check should still run on every change to catch drift from the approved configuration. SbD means less repetitive work and more focus on real issues.
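The "checkpoint" pillar and the template-as-control idea above are easiest to see as a concrete pipeline gate. The following is an added example written for this page, not Kellton's or any vendor's code: it evaluates a simplified, CloudFormation-style template (a constructed JSON layout, not a real provider's schema) against a handful of assumed security-by-design rules, and compares a weak template with its hardened counterpart. The resource types, property names and rule identifiers are assumptions chosen for the example.

```python
"""Added example: an automated security-by-design checkpoint for templates.
Template layout, resource types, property names and rule ids are constructed
for this example; they are not a real cloud provider's schema."""
import ipaddress
import json
from dataclasses import dataclass
from typing import Dict, Iterator, List

ADMIN_PORTS = {22, 3389}  # SSH and RDP: never expose to the whole internet


@dataclass(frozen=True)
class Finding:
    resource: str  # logical resource name in the template
    rule: str      # short rule identifier (assumed naming)
    detail: str    # human-readable explanation


def is_world_open(cidr: str) -> bool:
    """True when a CIDR covers every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed CIDRs are reported separately


def _check_bucket(name: str, props: Dict) -> Iterator[Finding]:
    if props.get("PublicAccess", False):
        yield Finding(name, "BUCKET-PUBLIC", "public access is enabled")
    if not props.get("Encryption"):
        yield Finding(name, "BUCKET-UNENCRYPTED", "no server-side encryption configured")


def _check_security_group(name: str, props: Dict) -> Iterator[Finding]:
    for rule in props.get("Ingress", []):
        cidr, port = rule.get("Cidr", ""), rule.get("Port")
        try:
            ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            yield Finding(name, "SG-BAD-CIDR", f"unparseable CIDR {cidr!r}")
            continue
        if port in ADMIN_PORTS and is_world_open(cidr):
            yield Finding(name, "SG-ADMIN-WORLD", f"port {port} open to {cidr}")


def _check_database(name: str, props: Dict) -> Iterator[Finding]:
    if props.get("PubliclyAccessible", False):
        yield Finding(name, "DB-PUBLIC", "database is reachable from the internet")
    if not props.get("StorageEncrypted", False):
        yield Finding(name, "DB-UNENCRYPTED", "storage encryption is disabled")


CHECKS = {"Bucket": _check_bucket, "SecurityGroup": _check_security_group,
          "Database": _check_database}


def evaluate(template_json: str) -> List[Finding]:
    """Run every policy check over the template; an empty list means 'pass'."""
    template = json.loads(template_json)
    findings: List[Finding] = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        check = CHECKS.get(rtype)
        if check is None:
            # Fail closed: a resource type with no policy is itself a finding.
            findings.append(Finding(name, "UNKNOWN-TYPE", f"no policy for type {rtype!r}"))
            continue
        findings.extend(check(name, resource.get("Properties", {})))
    return findings


def passes_checkpoint(template_json: str) -> bool:
    """The gate a pipeline would call before deploying the template."""
    return not evaluate(template_json)


# Constructed sample templates: the weak one and its hardened counterpart.
WEAK_TEMPLATE = json.dumps({"Resources": {
    "Logs": {"Type": "Bucket", "Properties": {"PublicAccess": True, "Encryption": None}},
    "Bastion": {"Type": "SecurityGroup", "Properties": {"Ingress": [
        {"Port": 22, "Cidr": "0.0.0.0/0"}, {"Port": 443, "Cidr": "0.0.0.0/0"}]}},
    "Orders": {"Type": "Database", "Properties": {"PubliclyAccessible": True,
                                                  "StorageEncrypted": False}},
}})
HARDENED_TEMPLATE = json.dumps({"Resources": {
    "Logs": {"Type": "Bucket", "Properties": {"PublicAccess": False, "Encryption": "AES256"}},
    "Bastion": {"Type": "SecurityGroup", "Properties": {"Ingress": [
        {"Port": 22, "Cidr": "10.0.0.0/8"}, {"Port": 443, "Cidr": "0.0.0.0/0"}]}},
    "Orders": {"Type": "Database", "Properties": {"PubliclyAccessible": False,
                                                  "StorageEncrypted": True}},
}})

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(f"{label}: {'PASS' if passes_checkpoint(tpl) else 'FAIL'}")
        for f in evaluate(tpl):
            print(f"  {f.rule:<18} {f.resource}: {f.detail}")
```

Running this flags five findings on the weak template (public and unencrypted bucket, SSH open to the world, public and unencrypted database) and none on the hardened one; port 443 open to the internet is deliberately allowed because only administrative ports are covered by the rule. Two design choices matter for a real gate: unknown resource types fail closed rather than being silently skipped, and the check is cheap enough to run on every template change, which is what lets the substantive assessment be reserved for substantial changes.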

Rethinking Cyber Risk Management Post-COVID-19: Key Takeaways

The outbreak of COVID-19 has forced organizations to become more reliant on the internet and digital ways of doing business.  As the lines blur between technology and business models, organizations need to reassess the threat and reprioritize their investments on mitigating cyber risks that could impact business outcomes. 

According to a Gartner report published in Q1 2020, growth in cybersecurity budgets is slowing: security spending grew at 12% in 2018 and is projected to grow at only 7% by 2023. In this post-COVID-19 world, organizations nevertheless need to rethink and realign their cyber risk management strategy to ward off cyber threats.

One-size-fits-all cybersecurity solutions seldom fit every use case. Choose a reliable software vendor who can build a customized cybersecurity solution around well-established practices, and measure progress against a maturity model such as the US Department of Energy's Cybersecurity Capability Maturity Model (C2M2).

