The following excerpts are from a report from Immersive Labs on how to achieve cyber resilience.

Introduction

Security breaches have become a fact of corporate life over the past few years. Cyberattacks are accelerating at an alarming rate as hackers and their use of technology, techniques and procedures become more sophisticated and more cunning.

The statistics bear it out: the total number of data breaches through September 2021 exceeded the total number of events in all of 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

The cost is equally alarming. In a global study by IBM Security, data breaches now cost companies $4.24 million per incident on average—the highest cost of the 17-year history of the report. While drastic operational shifts during the pandemic were cited for costs rising 10% compared to the prior year, data breaches undoubtedly come at a high cost—financially and otherwise.

What, if anything, can be done about them, immediately and for the long term? Are technological countermeasures enough? Can organizations “counter-attack” these ever-growing threats and successfully keep them at bay, or will they forever be playing catch up in the race to defend themselves?

A solution that can meet the security concerns of today begins with the acknowledgment that cyber risks span the entire workforce. If organizations are to have any chance of standing resilient against threats, they must protect against cyberattacks continually and holistically, with enterprise-wide knowledge, skills and judgment.

Cyber Resilience as a Solution

Cyber resilience is about being able to continuously deliver business outcomes in the face of ever-changing, ever-growing risk—relying on both technical and non-technical teams for prevention, response, and remediation. In the past, this goal existed primarily within the enterprise security team—the “geeks”—but more recently, it has emerged as a holistic concern.

Cyber resilience lies in the hands of every business function—from the executives who must make rapid, confident decisions when facing a cyberattack, to the legal, comms and customer teams who must be able to effectively communicate the issue, to developers who must write secure code from the outset. Everyone has a part to play.

Maximizing Cyber Resilience—Step by Step

To be truly cyber resilient, an organization must be able to assess and measure workforce cyber capabilities, see exactly where their strengths and weaknesses are at any given point, and inject targeted simulations and exercises to optimize the knowledge, skills, and judgment.

Here are the three steps to achieve that:

  1. Exercise: Benchmark current knowledge, skills and judgment through realistic, role-specific cyber simulations across the entire workforce, with minimal impact on resources. Benefits:
    • Dynamic crisis scenarios that test organizational decision-making and impact against relevant threats
    • Role-specific content experiences that enable micro-drilling and generate data towards a workforce capability baseline
    • Screening functionality that demonstrates job candidates’ ability in place of a reliance on certifications and CVs
  2. Evidence: The organization must be able to easily map workforce capability data and insights to accepted risk frameworks for a real-time picture of cyber resilience and risks, benchmarked to peers. Benefits:
    • Data dashboards that organize platform telemetry by focus, visualizing knowledge, skills and judgment over time
    • MITRE | ATT&CK® framework mapping that can illustrate threat coverage and identify gaps
    • Real-time insights for up to the minute reporting and to inform strategic decision-making
  3. Equip: The organization must plug gaps in knowledge, skills and judgment using scalable content experiences tailored to each individual dependent on role and business risk. Benefits:
    • Bite-sized labs and content series for targeted upskilling across multiple individuals, teams, and roles
    • Complex environments for the realistic exploration of emerging threats by security teams
    • Customizable crisis scenarios to continuously refine confidence and points of weakness in incident response

Together, more resilient.

Bottom line—cyber workforce optimization is critical for organizations to continually protect against, and effectively respond to, the growing number of cyberattacks.

Cyber Workforce Optimization is a single solution that enables organizations to continually exercise teams relevant to their role to get the evidence they need about where they stand, and equips them with knowledge, skills and judgment.

The result—organizations can be confident that their workforce has the knowledge, skills, and judgment to stand up to every cyber threat, every time.