
Modern digital businesses face multiple cyber security challenges – targeted attacks, ransomware, and ever more complex threats – that threaten to disrupt their operations. These challenges come as businesses increasingly rely on IT systems, and on the systems of their suppliers, to deliver services.

Businesses are increasingly expected to be “cyber resilient”

Regulators, customers and stakeholders more generally are putting organisations under intense pressure to keep their operations running and resilient in the face of these threats. In some sectors, for example finance and critical infrastructure, regulatory standards are either in place or coming into force.

These recognise that a failure at a bank or utility provider, for example, can have far-reaching effects on customers, citizens and the wider economy as people’s lives and other businesses are disrupted. With large organisations such as these having ever-expanding supply chains, the risk of a breach or outage doesn’t just come from third-party suppliers, but also from anyone upstream in the supply chain.

  • In the UK, finance firms are required to improve the operational resilience and protection of important business services – both their own controls, and those of critical suppliers, in accordance with Financial Conduct Authority (FCA) Policy Statement PS21/3.
  • Australia’s APRA CPS 230 on Operational Risk Management, which commences in July 2025, will require entities to manage operational risks with effective internal controls, monitoring and remediation. It also requires them to maintain continuity of critical operations even when those operations are disrupted.
  • The Digital Operational Resilience Act (DORA) in the EU came into force in January 2023 and will apply as of January 2025. It aims at strengthening the IT security of financial entities to make sure the sector can withstand operational disruptions.
  • Meanwhile, the NIS 2 Directive aims to achieve a high common level of cyber security across the European Union for critical infrastructure – ensuring that essential and important entities take appropriate technical, operational and organisational measures to manage the risks to their networks and information systems, and to minimise the impact of incidents.

These are just a few of the more pressing legal and regulatory examples of this growing importance of cyber resilience as a key part of organisational resilience. Wider corporate governance and continuous reporting requirements that affect all sectors and listed businesses are now becoming commonplace.

Businesses, and more specifically boards, can no longer avoid, pay lip service to, or pass the buck on cyber security and resilience.

Implications for cyber security teams and managers

Boards are seeking more reliable, data-driven, prompt and accurate determination of, and reporting on, emerging vulnerabilities as a consequence of their more volatile and complex operating environments. Bottom-up data on threat exposures needs to be regularly collected, analysed and reported at scale.

Many of the vulnerabilities that operational and cyber resilience efforts aim to address can occur unexpectedly and at a rate that even the best security teams are ill-equipped to respond to. Managing the cyber risks and overall resilience of an organisation is not an occasional activity. Problems can arise at any time, and operational governance demands a rapid and, in the best case, automated response to support the ongoing resilience of the enterprise. Many factors can quickly affect resilience and make attacks more likely and less survivable:

  • System failures.
  • Incorrect user provisioning.
  • Flawed patching processes.
  • Missing functionality updates.
  • Uncontrolled technology adoptions.
  • Backup failures.

These can quickly become near-constant causes of disruption. Security teams cannot rely on ad hoc, intermittent assessments and response; they require current, evidence-based information.

In dynamic environments, like the finance sector, healthcare and critical infrastructure, where operational factors are constantly changing, annual audits and even scenario-based operational resilience strategies are clearly no longer adequate.

Cyber resilience as part of operational resilience

Effective controls are central to cyber resilience, and so to operational resilience. So too are the associated monitoring and oversight processes and systems that ensure those controls remain effective.

Effective and robust controls deliver significant benefits, including:

  • Improve the readiness of organisations to withstand and recover from cyber-attacks.
  • Minimise the impact of security incidents on business operations and reputation.
  • Promote a proactive approach to cyber security risk management, focusing on prevention, detection, and response.
  • Systematically enhance the ability of organisations to adapt to changing threat landscapes and emerging cyber risks.

These in turn enable the identification of vulnerabilities and mitigation of weaknesses, without which:

  • More frequent and damaging cyber-attacks could materially affect the bottom lines of organisations and their customers.
  • The perceived trustworthiness, reliability and reputation of organisations could be brought into question.
  • Organisations would be unable to systematically respond to changes in the threat landscape, and to protect their technology systems as new vulnerabilities emerge.
  • Organisations would be forever on the back foot, continually having to defend their own systems, and those of their suppliers, every time a cyber outage threatened.

Benefits of automating cyber resilience processes

The ability to continuously manage threat exposures is a key element of operational and cyber resilience. Automating this vital process provides more timely and accurate information about the risks faced than sample-based or manual audits can. It also means technical teams are able to meet senior managers’ demands for more frequent and reliable, evidence-based resilience information.

Automated solutions for control monitoring and threat exposure management enable:

  • Better threat prevention by implementing robust security controls, best practices, appropriate system configurations and security awareness to limit the risk of cyber disruption.
  • More timely incident detection and response through continuous monitoring, threat intelligence, and incident response.
  • More robust business continuity and less disruption to operations with resilient architectures, data backup and recovery strategies.
  • Easier adaptation to changing and evolving cyber threats and risks with more agile security strategies, threat hunting capabilities, and the automation of key security processes to free up scarce analyst time.
  • Improved governance to help achieve and maintain compliance with regulatory requirements, industry standards, and contractual obligations through continuous compliance monitoring, risk assessment, and audit capabilities.

Connecting cyber resilience to TDIR and CTEM solutions

Anticipating increasingly complex scenarios that might disrupt business operations is one thing, but establishing an operational resilience process that is able to address as-yet unknown risks is quite another.

Known risks can be anticipated as part of a wide range of “severe, but plausible, scenarios” but unknown risks, by definition, cannot.

This is where CTEM and TDIR solutions come in.

  • Continuous Threat Exposure Management (CTEM) means having an accurate and up-to-date view of the exposures the business has in its systems, configurations, user accounts, permissions and security controls. The ability to automatically map exposures to risk, and then prioritise their mitigation, provides a solid foundation not only for sound controls management but also for reliable reporting on cyber security posture.
  • Threat Detection, Investigation and Response (TDIR) includes technologies such as SIEM platforms that allow the rapid detection of known and unknown threats based on known attack patterns, misuse and anomalous behaviours.

These solutions and processes link to threat intelligence and enrich organisational context with the exposure and vulnerability data it holds.

Security teams can enhance their TDIR processes with enriched CTEM information. By integrating that CTEM situational awareness into the TDIR process, the SOC team can use it to streamline its investigation and response workflows. In larger organisations, CTEM information can be continuously collected and ingested directly into the TDIR telemetry pipeline, so that it immediately informs analyst investigation and response and streamlines SOC detection, analysis and response.
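The two ideas above (CTEM mapping exposures to risk and prioritising them, and that exposure data being ingested into TDIR to guide analyst triage) can be illustrated with a small enrichment step. The following Python is an added example, not Huntsman Security’s code or data model: it joins a constructed list of exposure findings onto constructed SIEM-style alerts, bumps each alert’s priority by the exposure context of its asset, and, because exposure data is only useful when it is current, sets aside findings older than a configurable age rather than scoring on them. The record layouts, sample values and scoring weights are all assumptions chosen for the example.

```python
"""Added example (not the vendor's code): joining CTEM exposure data onto TDIR
alerts so a SOC works the alerts on its weakest assets first. Record layouts,
sample data and scoring weights are constructed assumptions for illustration."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Exposure:
    """One finding from the exposure-management (CTEM) side."""
    asset: str
    kind: str          # "vulnerability", "misconfiguration" or "excess_privilege"
    severity: float    # 0.0-10.0 on a CVSS-like scale (assumed)
    detail: str
    observed_at: date  # when the exposure was last confirmed present


@dataclass(frozen=True)
class Alert:
    """One detection raised by the TDIR side, e.g. a SIEM correlation rule."""
    alert_id: str
    asset: str
    rule: str
    base_score: float  # 0.0-10.0 severity assigned by the detection rule (assumed)


@dataclass
class EnrichedAlert:
    alert: Alert
    exposures: list    # current exposures on the same asset, worst first
    stale: list        # exposures too old to trust for scoring
    priority: float
    rationale: str


# Scoring weights are an assumption chosen for the example, not a standard.
WORST_EXPOSURE_WEIGHT = 0.4   # bump per severity point of the worst current exposure
EXTRA_EXPOSURE_WEIGHT = 0.3   # bump per additional current exposure on the asset
MAX_SCORE = 10.0


def index_by_asset(exposures):
    """Group exposures by asset so each alert is enriched with one lookup."""
    index = {}
    for exp in exposures:
        index.setdefault(exp.asset, []).append(exp)
    return index


def split_fresh_stale(exposures, as_of, max_age_days):
    """Separate current findings from ones too old to score on (they need a re-scan)."""
    fresh, stale = [], []
    for exp in exposures:
        (fresh if (as_of - exp.observed_at).days <= max_age_days else stale).append(exp)
    return sorted(fresh, key=lambda e: -e.severity), stale


def priority_score(alert, fresh_exposures):
    """Raise the alert's own score according to the exposure context of its asset."""
    if not fresh_exposures:
        return alert.base_score
    worst = fresh_exposures[0].severity
    bump = WORST_EXPOSURE_WEIGHT * worst + EXTRA_EXPOSURE_WEIGHT * (len(fresh_exposures) - 1)
    return round(min(MAX_SCORE, alert.base_score + bump), 2)


def enrich_alerts(alerts, exposures, as_of, max_age_days=30):
    """Join exposures onto alerts and return them in triage order, highest priority first."""
    index = index_by_asset(exposures)
    enriched = []
    for alert in alerts:
        fresh, stale = split_fresh_stale(index.get(alert.asset, []), as_of, max_age_days)
        score = priority_score(alert, fresh)
        if fresh:
            rationale = f"{len(fresh)} current exposure(s), worst {fresh[0].severity}: {fresh[0].detail}"
        elif stale:
            rationale = f"no current exposure data; {len(stale)} stale finding(s) need re-scan"
        else:
            rationale = "no known exposures on asset"
        enriched.append(EnrichedAlert(alert, fresh, stale, score, rationale))
    return sorted(enriched, key=lambda e: -e.priority)


# Constructed sample data: not real assets, findings or alerts.
AS_OF = date(2024, 6, 1)
SAMPLE_EXPOSURES = [
    Exposure("fin-db-01", "vulnerability", 9.1, "unpatched database engine", date(2024, 5, 30)),
    Exposure("fin-db-01", "excess_privilege", 6.0, "service account is local admin", date(2024, 5, 27)),
    Exposure("hr-web-02", "misconfiguration", 5.5, "TLS 1.0 still enabled", date(2024, 4, 2)),
    Exposure("lab-ws-07", "vulnerability", 7.2, "browser two releases behind", date(2024, 5, 31)),
]
SAMPLE_ALERTS = [
    Alert("alert-001", "fin-db-01", "anomalous outbound connection", 5.0),
    Alert("alert-002", "hr-web-02", "multiple failed logins", 6.5),
    Alert("alert-003", "lab-ws-07", "suspicious process chain", 4.0),
    Alert("alert-004", "corp-print-01", "port scan detected", 7.0),
]


def triage_order(alerts=SAMPLE_ALERTS, exposures=SAMPLE_EXPOSURES, as_of=AS_OF):
    """Alert ids in the order an analyst should work them."""
    return [e.alert.alert_id for e in enrich_alerts(alerts, exposures, as_of)]
```

On the sample data the SIEM’s own scores would put the port-scan alert (7.0) first; with exposure context the alert on the database host with an unpatched engine and an over-privileged service account rises to the top (8.94), while the alert on the host whose only finding is 60 days old keeps its base score and is flagged for a re-scan rather than being scored on stale data.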

Cyber resilience: Where it all comes together

Directors now hold responsibility for setting business and risk strategies as well as for the overall oversight of operational resilience standards and governance. In today’s uncertain and complex operating environment, it is not surprising that a disruption to any key operational resource can quickly affect the delivery of business goods and services.

The goal, for both the business leadership and the security team, is therefore to improve cyber resilience and protect the IT systems, assets and data that contribute to the ongoing operations of the organisation and its ability to deliver its goods and services. Increasingly, legislators are demanding it.

For some Critical Infrastructure sectors, cyber resilience is the cornerstone of the wider regulatory requirement for Operational Resilience (sometimes called Operational Risk Management) that is being mandated in various jurisdictions like:

Organisational resilience more broadly is becoming a fundamental tenet of corporate governance and continuous disclosure. In essence, the ability of an organisation to continue to conduct operations, even in the event of disruption to key components of the product or services value chain, is a ‘team’ responsibility. Cyber security leaders are now expected to contribute to the ongoing resilience of the organisation. The resilience of systems, processes, people and third-party inputs into the delivery of a product or service are all part of that responsibility.

While delegation of some of these specialist tasks is acceptable, oversight, evidence of the effectiveness of controls and lessons learned, together with an objective assessment of the success of operational resilience efforts, are a Board’s responsibility and must be available and demonstrable.

Solutions

It is for this reason that boards and senior managers must now have demonstrable knowledge, experience and skills to discharge their obligations – including cyber security risks and resilience – across interdependent operational resources. They must be able to manage an effective governance process that integrates cyber resilience with the management of other operational risks to ensure the resilience of the enterprise.

Huntsman Security’s solutions allow continuous, easily available reporting on threat exposures – CTEM – and real-time threat detection and response – TDIR. And for those who choose, the ability to integrate the two processes to fundamentally transform the operation of the SOC team.
