How Quickly Will You Recover from a Cyber Attack?
Cyber resilience shifts focus from just preventing an attack to what happens after.
Protecting your business emails is about more than just filtering out spam, malware, and business email compromise messages. In the context of migrating to Microsoft Office 365 and other cloud-based systems, email becomes an even more critical lifeline for the business – and a broader cyber resilience strategy is essential to ensuring it remains available no matter what happens.
Cyber resilience is a fundamentally different paradigm for email security. Rather than focusing on trying to stop every threat before it gets into the enterprise, cyber resilience pushes you to assume that you will at some point be compromised.
When this happens, the critical question is not whether the compromise should have been stopped; it is how quickly you can get the business back up and operating properly again. Because in the end, it’s what you do after a breach that determines how much it will affect your business.
As a growing number of Australian companies are learning, cloud-based email filtering and archiving provide an invaluable part of a cyber resilience defense. In a mild outbreak, for example, a ransomware attack may take one or more individual computers offline – but if email and other key systems are still accessible from an external cloud service, the business can continue operating while email disaster recovery plans are executed and the damage is repaired.
Developing a plan to facilitate continuity of service and recovery should be high on the priority list of every IT manager. Yet this process should also be part of a broader effort to minimize exposure. Given how prevalent email-based attacks are, that means ensuring that defensive mechanisms such as email spam filtering are the best they can be – preventing attacks from getting through, and saving companies from having to activate their resilience plans in the first place.
Despite companies’ diligence, regular evaluations of email security system strategies suggest that many are setting themselves up for failure by taking the wrong approach to cyber resilience.
As a regular Email Security Risk Assessment (ESRA) report continues to show, poorly configured filtering settings, ineffective email security, and out-of-date signature-based scanning regularly leave companies under-protected.
As of the December 2017 report, ESRA analysis has driven the inspection of 55.6 million emails, involving 97,564 email users. All of these emails had been cleared as safe by customers’ incumbent email-filtering systems – but 12.5 million of them were picked up as spam, and 7.8 million of those were quarantined as being potentially dangerous.
Multi-layered risk management
The ESRA results found that incumbent email-security systems are missing 22.5 percent of “bad” or “likely bad” emails. This suggests that many companies are putting unnecessary pressure on themselves, and their cyber resilience postures, by relying on ineffective corporate cybersecurity solutions that fail to eliminate business-critical risk.
Addressing this gap is crucial for any company, and the migration to cloud-based systems is an opportune point for the evaluation of current practices. That migration requires a change in the way business systems are run, and in particular a multi-layered defense strategy that ensures no single security failure can bring down the entire business.
Thanks to the flexibility of the cloud architecture, different layers in this defense can be sourced from different cloud providers. Cloud-based email, for example, might come from one provider while email backup could come from another, and critical infrastructure protection from somewhere else entirely.
Spreading risk in this way is fundamental to any effective cyber resilience strategy since a key part of the recovery effort lies in the company’s ability to rapidly compensate for the loss of a particular system or capability.
Layering can also be a technique for streamlining the migration process – for example, by adding a cloud-based email security system that works alongside the existing system. This approach not only provides resilience for the email function but can facilitate a seamless migration once the organization is ready to move its environment completely into the cloud.
A careful architectural design will help turn cyber resilience into reality – but it’s important to remember that such architectures also need to be regularly tested to ensure that failover recovery functions as intended. By combining a multi-layered approach that reduces data-security risk with a seamless recovery and business continuity plan that moderates business risk, you can leverage the cloud to deliver true cyber resilience in the long run.