Three weeks ago, President Biden issued a statement that can best be described as a rallying cry to Americans, especially American businesses, stating that "This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience."
President Biden's statement and his choice of the word "resilience" paint a clear picture. The American government realizes that the fate of national security no longer lies squarely within the responsibilities of the Pentagon or the three-letter security agencies.
No. The reality - would that it were not so - is that you, me, our companies, and our people are now on the frontlines. Since software and information technology drive the economy, such products and services, and the companies that provide them, are increasingly attractive targets for cyberattacks, spying, or extortion.
Why Should We Care About "Resilience"?
According to Wired, in 2015, Ukraine suffered a series of cyberattacks on its power grid that resulted in electricity being cut from parts of the capital, Kyiv. Over 230,000 consumers experienced power outages.
Fast forward to 2022: the Financial Times, speaking with the head of Ukraine's National Security and Defence Council (who is a former head of the National Cyber Police), reported the following...
“The cyber attacks on the IT infrastructure, which preceded the physical invasion and bombing of Ukrainian cities, are the most complex cyber operation in history and are one of the first examples of what a real cyberwar looks like,”
This time, though, there has been a considerable difference. The Ukrainian infrastructure has largely withstood the attacks thrown at it. Yes, there could be more to come, but so far, so good. According to Matt Olney, who leads a threat intelligence group inside Cisco and helped study the 2015 hack...
"The Ukrainians now have the expertise that maybe they didn’t have back in 2015. They’ve learned the lessons of the past five, six years.
They built the processes, the boring things, the playbooks, the things that are just obnoxious to do in peacetime. Now that we are in this critical situation, they’re all paying off."
Evidently, the Ukrainians got resilient - no pun intended :)
What's Resilient Security?
Resilience can be defined as the ability to withstand adversity. This is key in the current cyber climate because, sooner or later, the attacks will come, whether unsophisticated or sophisticated.
Resilient security involves establishing the defense-in-depth that is required to deter, withstand, or reduce the impact of cyberattacks.
The question isn't whether your business will be attacked, but rather how you will respond or how you're set up to respond.
How Can Software Businesses Be Resilient?
Last week, the Biden-Harris administration released a fact sheet with guidance for protecting businesses against cyberattacks. A number of items in that sheet were urgent directives for software and technology companies. We will unpack each of those items in our next newsletter to help you understand how to become a more resilient software business.