In the year 2021, a series known as “A Journey in Organizational Resilience” was conducted. The subjects covered in this series continue to hold relevance today, and in many instances, they are even more crucial now, given the swift transformations witnessed in recent years. However, defining the term “resilience” can pose challenges, and by doing so, we may inadvertently narrow its scope, overlooking the broader context.

In this era of generative artificial intelligence (gen AI), the prevalence of breach data from information stealers and the incessant pressures on incident response teams highlight the need for a heightened focus on resilience, particularly cyber resilience, given the intricate nature of our systems.

To achieve this, we need to operate beyond the confines of our usual environment and diminish the vulnerabilities associated with complex systems.

How do you interpret the concept of “resilience”?

Resilience encompasses a wide array of aspects, including but not limited to sturdy technology (such as disaster recovery and backups), individual or organizational attitudes and coping mechanisms, and financial implications. Furthermore, possessing the managerial skills to communicate, effectively and persuasively, the financial or personnel-related repercussions of a technical disruption or shock is also a vital component of resilient conduct.

Hence, let’s broaden the perspective of “resilience” to connote a capacity closely linked to the ability to navigate and adjust to swift changes, irrespective of their origins.

Utilizing this framework, we can concentrate on three primary emerging technological and data-centric challenges that are impacting cyber resilience today:

  1. Generative AI: a significant technological and industry mutation.
  2. Breach data: instances of mistakes and misfortunes, regardless of their causation (e.g., innocuous yet impactful data losses versus malevolent acts of deceit and theft).
  3. Incident response: a situation leading to an immediate and potent upheaval in business and operations.

Generative AI: An illustration of rapid transformation

There are few contemporary examples that better demonstrate the repercussions of an industry innovation than the disruptive nature of gen AI. Its advantages are currently being harnessed by both positive and negative actors. Apt utilization of gen AI (or other related AI tools) can enhance productivity through more efficient responses to security incidents, while inadequate implementation can result in financial setbacks, operational disruptions, and harm to reputation — at the very least.

However, with the most groundbreaking innovations, adoption typically surpasses adaptation. Envision two acceleration curves: the upper one, accelerating at a greater pace, symbolizes adoption, while the lower one, accelerating at a slower rate, represents adaptation. The gap between these curves signifies the risks or threats to resilience being accrued.

In the domain of gen AI, business pressures demand adoption — nearly every technology or service solution today boasts of utilizing artificial intelligence in some form. Yet, security measures are consistently lagging behind adoption, particularly when malicious actors are leveraging the same technology to gain a competitive edge.

So, how can this gap be bridged?

Assessing risk tolerance always serves as the initial step towards optimizing the resilience of your organization. In scenarios where gen AI is rapidly being adopted, and there is a prevailing ethos of “build it while flying it,” frameworks prove to be particularly beneficial. For instance, IBM’s Framework for Securing Generative AI aids in outlining essential principles, which encompass:

  • Securing data
  • Securing models
  • Securing usage
  • Securing infrastructure
  • Establishing governance
  • Managing the pipeline

Thus far, this framework appears heavily skewed towards security, and such an observation would indeed be accurate. Nonetheless, to redirect the focus to the broader context, commence by posing certain crucial questions:

  • Can we ensure the timely and cost-effective security of data, models, usage, and infrastructure?
  • Do we possess the requisite controls and procedures to institute and enforce governance and manage the surge in data?
  • Does a compelling business case support adoption?
  • Have we deliberated on the consequences of adopting too early or too late?
  • Can we effectively handle a failure in gen AI, regardless of its origin?
  • In the event of failure, how can we emerge stronger post-recovery from that learning experience?

Such inquiries prove beneficial during periods of rapid change. While striving to address your organizational needs, adhering to the principle of “perfect is the foe of good enough” assists in progressing towards pragmatic solutions. Furthermore, in scenarios involving a data breach or other incidents, preemptively addressing these queries can significantly influence strategic and tactical response and recovery endeavors.

Breach data: An illustration of mishaps and misfortunes

The abundance of data circulating poses a cause for concern. While data was historically viewed as an asset, it is gradually transforming into a liability. The inclination to retain information indefinitely (e.g., for marketing or long-term business prospects) can backfire long before any returns are realized, underscoring the need for improved data destruction policies and practices.

To gain insight into the future, let us juxtapose the instances of rapid transformation (gen AI) with mishaps and misfortunes (breach data) in order to showcase how your resilience will be put to the test. Tactics, techniques, and procedures (TTPs) are evolving, given that breached data can be harnessed through artificial intelligence and machine learning capabilities, allowing threat actors to devise social engineering attacks that capitalize on emotional vulnerabilities.

Why engage in the challenging technical endeavor of infiltrating a network when deceiving an unsuspecting user can yield even greater effectiveness? As per IBM’s 2024 X-Force Threat Intelligence Index, credential theft is the foremost threat this year, with such incidents being facilitated by the rise of information stealers.

If proactive measures are not taken to clean up an individual’s and an organization’s digital footprint, successful attacks can lead to potential individual loss, breach of privacy, financial expenses, damage to reputation, regulatory sanctions, and erosion of trust. To put it briefly, when breached data spreads, it is akin to facing numerous challenges simultaneously. Can one recuperate from this?

The vital lesson in dealing with a data breach is rather straightforward: How can one recover effectively? A valuable approach is to analyze a worst-case scenario to pinpoint weaknesses and contemplate the unthinkable. Key inquiries include:

  • If all critical data – such as personal details, proprietary information, confidential data, sales figures, strategic plans, etc. – were exposed outside secure environments, what would the initial response entail?
  • How would the short-term and long-term responses be shaped? Would a significant shift in business operations be necessary?

Incident Response: An Instance of Disarray

The Year 2025 and Beyond

  • Adopt a holistic perspective. Concentrating solely on making a single area of the business resilient, like ensuring high availability of IT systems, will fall short in the long run.
  • Similar to cybersecurity, resilience planning will be steered by organizational culture.
  • Which direction will you take? Will your strategy shift away from risk delegation approaches, such as reliance on external partners for mission-critical services, or will it lean towards embracing technologies intended to boost efficiency, thereby heightening reliance on third parties and services? There exists a trade-off. Choose wisely.
