This is one in a series of related short essays for 2015 about the unrelenting cyber stresses every person and every organization now faces. The first essay, titled Cyber Risk, Security & Privacy (CRSP) – Waterloo Region’s Vibrant New Business Cluster, appeared in the December, 2014 issue of The Triangle.
“The purpose of life is not to be happy. It is to be useful, to be honorable, to be compassionate, to have it make some difference that you have lived and lived well.”
– Ralph Waldo Emerson
Cyber risk is growing so rapidly, and the hacking community has become so well-funded and sophisticated, more and more organizations are being breached in spite of concerted efforts to reduce their exposure. As a result the cybersecurity industry is now looking at the problem from a different perspective. In the past organizations were looking for better technology to address the problem, such as stronger firewalls, better intrusion prevention systems, faster internal traffic monitoring, and more effective event log analysis. However it became clear, in spite of more and more money being spent, a new approach was needed. As a result the industry responded with a new approach. The term for it is “cyber resilience”. In other words, how to minimize damage and bounce back quickly once a breach has occurred.
How does C3RM fit within this new cyber resilience model?
C3RM views the new cyber resilience model in terms of time relative to the point when a cyber incident occurs (i.e. first recognized). C3RM refers to this as the “Incident Response Timeline“. By assuming that incidents will happen, some of which will become serious security breaches, the focus surrounding the problem can be broken into three time periods:
- Pre-incident – a period when incidents can be avoided;
- Incident – a short period of time, measured in hours, when an incident is happening and can be assessed to determine how to classify it, react to it, and minimize the damage;
- Post-incident – a period of time after the incident where assessment occurs, recovery and restoration is completed, lessons are learned, and improvements for the future are implemented.
How do C3RM member organizations fit within this new Incident Response Timeline model?
The Incident Response Timeline is a simple way to better understand how C3RM member organizations help companies address cyber risk. For example, members like eSentire (real time monitoring), Watsec (risk assessment and education), and TrustPoint (secure communication protocols) offer technologies and services to address aspects of cyber risk that fall in the pre-incident time period. They very much are interested in assisting with the securing of systems and information before an incident happens. At the other end of the scale, organizations like ABEX (cyber insurance), Crawford (claims adjusters), and Miller Thomson (cyber law) assist organizations after a breach has occurred to help minimize damage and assist with fast recovery.
Although some cybersecurity companies address all three time periods, there are many who focus pre-incident loss control and problem avoidance and many who focus on post-incident cleanup.