Principles of Sustainable Cybersecurity
In the past few years the annual rate of cybersecurity breaches has almost doubled, and as a result millions of records are sometimes exposed. In 2021 in particular, the average cost of a data breach was a staggering $4.24 million (based on a report published by IBM recently).
We can call something sustainable when it is utilised in a manner that does not reduce it in the short or long term and that maintains a certain level of its existence. In the same sense, cybersecurity is sustainable when security resources are implemented, utilised, managed and maintained in a way that does not degrade the level of security, or deplete those resources over time, for any reason that affects the security of a system, business or organization.
This article touches upon four major principles that can help achieve and maintain a more sustainable approach towards cybersecurity, abbreviated RAAR: Reliability, Accuracy, Architecture and Resiliency. Let's look into these one by one.
Reliability:
Reliability can be defined as the ability of a system to perform the job it is meant to perform and to resist disruptions (or attacks) against information system assets or infrastructure. Reliability plays a crucial role in the security of these information assets. Security and reliability are interdependent and cannot be sustained independently in today's environment, as our systems and infrastructure are expanding rapidly and becoming more and more complex at the same time. These expansions provide a technological advantage, but they also open more room for errors and increase the potential exposure area from a security risk and threat point of view. A truly fault-tolerant system cannot exist today without alignment with system security. For instance, if the integrity (security) of the system is disturbed, it will impact the reliability of the system, and if the reliability (correctness) is disturbed, it will impact the system's security. It is often mistakenly assumed that if we take care of reliability then security is maintained as a by-product, and vice versa, but that is not entirely true: both need to be addressed, each with a dependency on the other.
A simple example is a firewall that protects the network perimeter and thwarts network-based attacks. If it fails to operate because of an unreliable hardware or software platform, it compromises the security of the infrastructure it is supposed to protect. On the other hand, if the firewall's hardware or software has a security flaw that an attacker can take advantage of to bring down the hardware, then reliability is compromised because of a security failure. We can therefore stress that when a system failure has happened, it may have been due to low reliability, faulty security, or both in some cases.
Security and reliability must be part of the architecture, design and implementation considerations when building new systems or modernising old ones. The key is that reliability and security are entangled and need to co-exist; it is not one or the other.
Accuracy:
In cybersecurity, accuracy means ensuring that information is precise and of high fidelity. Security-related information or data needs to be complete and relevant, and at the same time it has to be easily consumable by different systems and users. If the information is not accurate, it will affect the quality of security for the organization. It is challenging to protect anything when there is a gap in information. For example, to protect our assets we need to know our inventories and all assets accurately. This can span the entire on-prem and cloud presence, self-managed or outsourced assets, applications, network infrastructure, mobile devices and endpoints, third-party vendor assets or anything else, along with their physical or virtual geographic location and whether they are internal or external. There could be more parameters that decide how accurate the information about your organization is. The more accurate the information, the better the security risk impact assessment of the information asset can be, and that helps define a highly accurate business impact or criticality. It does not end here: highly accurate risk data leads to proper prioritization of response and remediation activities.
Threat intelligence is another crucial part of security operations and response. The process involves collection, evaluation and analysis to produce actionable intel, and at its core is data that is collected accurately. If the data collection is flawed or inaccurate, the whole thing might fall apart and the intel could become misleading or useless. Generating threat intel involves a meticulous process of accurately finding the relations between various cyber threats. Otherwise organizations might end up making critical security decisions based on threat intel that is inaccurate or even irrelevant, which results in missed opportunities to detect threats in a timely manner.
Intrusion detection capabilities are more effective when the attributes specific to attacks (past and present) are accurately identified and analysed for all phases of an attack kill chain.
Architecture:
The purpose of security architecture is to ensure that foundational defences against security threats are properly aligned and integrated at all times with the security standards, policies, functional and non-functional requirements, organizational strategies and roadmaps. Every organization has different, unique business and operational requirements; something that works for one organization certainly won't work for another, so the architecture has to be built with the individual needs in mind: what services are required, and how they are executed and implemented. The architecture also needs to account for future changes and disruptions. Architecture is probably the only piece of work that brings people, process and technology together and binds them with all three other factors: Accuracy, Reliability and Resiliency.
Any reasonable architecture must include threat modelling to assess risks and the exposed attack surface. This allows one to see the complete picture of the system one intends to build and to connect all the dots. For example, if your intent is to bring up an application or platform, you need to think about what data it is going to process, how that data will be stored and secured, who will have access to that data (how and why), and what resiliency and reliability factors must be considered if there are data disruptions (think of a ransomware scenario, for instance, as an inherent threat to data). Cybersecurity architecture also needs to be assessed and updated at regular intervals, or whenever there are changes in the current posture or delivery mechanism, additions or removals of features, methods or technology, or an evolving threat situation. This guarantees that cybersecurity services, platforms and programs are producing the desired outcome and are perfectly aligned to the organization's architectural requirements.
Resiliency:
Resiliency is the ability to adapt to, and be prepared for, dynamically changing conditions, so as to tolerate possible disruptions and recover from them as swiftly as possible. Achieving resiliency in cybersecurity is not a new concept; however, it is still an evolving and critical subject. Resiliency is better achieved by combining various approaches: starting with strong and dynamic management of the changing threat environment that can or will disrupt business and operations, and extending to withstanding those disruptions, if they really occur, with no or limited compromise in business functionality. Withstanding an unforeseen disruption is possible by having the capability to fully anticipate the threat situation in advance and by staying one step ahead of the adversaries. One of the most important steps towards becoming resilient is being able to recover fully, or to get back to the highest possible capacity, from any disruption or adverse situation as quickly as possible. So basically: assess the risk in advance, prevent the threat, respond to disruption and recover swiftly.
Achieving higher resilience happens over a period of time and is not gained instantaneously; it is a long process. Enforcing and maintaining a baseline level of security is the very first step on the journey to being resilient. It is followed by implementing a strong security configuration management process, raising the bar for identity and access management, building stringent vulnerability management capabilities, and taking a risk-based approach to prioritizing threats and their remediation. In reality, cybersecurity is the first layer, which applies the available resources, tools, technology and processes to prevent security breaches, and a higher level of resiliency can help to recover faster from a known or unknown breach. One of the key elements in gaining resilience is redundancy; resiliency and redundancy are deeply connected to each other.
Redundancy by design makes it possible to have multiple systems, assets and resources with identical functions. In the event of a disruption, these redundant systems must be able to replace each other as soon as the primary system fails. Security systems that are designed to fail over to redundant systems as part of the standard mitigation strategy provide a more mature, resilient environment.
I am very sure that there may be multiple ways to achieve “Sustainable Cybersecurity” other than the 4 principles that I describe; however, I find that these 4 principles cover most of the aspects of how we can continue to maintain the level of cybersecurity that we may need to sustain.
Deepayan Chanda
Cyber Defense Enterprise Architect | Author | AI ML Advocate for Cybersecurity | Board Advisor
Deepayan Chanda, an enterprise security architect with a large financial institution, has over 25 years of industry experience. He is a security strategist and adviser who solves enterprise cybersecurity problems with a strong focus on balancing security and business goals. Chanda has worked with many enterprise cybersecurity and large financial organizations, been a mentor and adviser to cybersecurity startups and written many books on cybersecurity. He served in the Indian Air Force. Chanda's latest book is Penetration Testing With Kali Linux.