Improve your ability to anticipate, withstand, contain and rapidly recover from a cyber attack.
Cyber resilience refers to how you continue to operate critical business functions when cybersecurity and operational controls start failing. This is your ability to anticipate, withstand, contain and rapidly recover from a cyber attack. By establishing a Cyber Resilience point of view, or lens, businesses review their existing Disaster Recovery and Business Continuity Planning and identify competing objectives and priorities that may impact the business during a cyber attack.
“Cyber resilience is the ability to bounce back securely and adapt quickly through business challenges. This unique capability is pivotal for the digital transformation journey.”
- Michael Woods (CEO Tannhauser)
Our Cyber Resilience methodology and approach to assist your business is built on five core areas: Engage, Anticipate, Absorb, Recover and Adapt.
Engagement: Engage senior management and key stakeholders, understand your business, establish a governance framework and define how operational effectiveness will be communicated to the business owners.
Anticipate: This is your capability to predict, prevent and prepare for cyber attacks. Through threat intelligence, crown jewel analysis, critical function mapping and business impact assessments you can start to piece together your areas of risk. Proactively understand the certainty and uncertainty of threats, both adversarial and non-adversarial. Plan for failure across a variety of events and ensure your business is securely resilient to such events.
Absorb: Ensure essential business functions continue to operate in the event of a successful cyber attack. Consider graceful degradation approaches for technology, process and people, and how these can be modified to maintain operations. Consider re-routing paths, turning off non-essential services, using cloud technology to spread the risk, or even a messaging service to ensure transaction advice can be communicated securely. Industry leaders have external staff augmentation contracts established to respond to staffing requirements during targeted attacks.
Recover: Restore affected business functions to normal operations after a cyber attack. How do you plug the gaping hole? Do you have in-house forensics capabilities? Bringing systems back online needs a thoughtful approach, as re-initiating services that were previously down can sometimes make issues grow in magnitude. Who provides your legal advice on the best course of action during this difficult time? How do you communicate the incident externally, and how will this change with mandatory requirements? Documenting and regularly testing playbooks for typical scenarios helps to build the muscle memory required to reduce downtime and loss expectancy.
Adapt: Continual and open feedback loops must be established; lessons learnt sessions are often left out after an incident. Cyber resilience is a journey; it's not a set of checklists. If your budget allows, consider emerging technology (AI, NGFW, etc.) to address the risk.
There is a need to continuously improve defences based on new information and threat intelligence. A mature cyber resilience programme includes:
1. Security Champion at board level drives cyber security governance.
2. Strong cross functional governance group manages cyber risk with enhanced business engagement.
3. Technology risks are mapped to business risk and regularly reviewed by the board.
4. Resilience approach is threat and risk driven and assumes a continuous state of compromise.
5. Cyber security is tested using stakeholder walk-through scenario reviews and real-life stress testing of scenarios, e.g. Red Teaming.
6. Critical business functions and valuable digital assets “crown jewels” are identified.
7. Cyber crisis response awareness at all levels within the business.
8. Threat landscape is regularly scanned to understand potential exposure and risk posture.
9. Resilience is enhanced through threat intelligence sharing with industry peers and central bodies.
There is going to be a learning period as businesses adjust to these concepts; however, these are necessary changes. Cyber resilience is aligned to customer-centricity, which must be a strategic business objective in challenging climates. Consider cyber resilience as part of this customer-focused program and the effort you invest now will be rewarded when the inevitable occurs.
- Stakeholder workshops
- Access to key staff
- Available playbooks and existing procedures related to resilience
- Critical Functions and Assets
- Senior experience in responding to and managing cyber incidents
- Strategic, tactical and operational advice to address the five core cyber resilience areas
Rapid response to issues impacting your business-critical functions.
Our Tannhauser Critical Incident Response Team (CIRT) provides a rapid response to issues impacting your valuable assets and business-critical functions.
In the event of a cyber incident, we can provide on-demand access to incident response specialists to quickly contain and address issues facing your business. To further enhance your response speed we also provide:
● 24/7 emergency response hotline.
● On-site and remote response.
● Incident response retainer services.
● Preparedness exercises and training for staff at board-level to first-responders.
● Workshops to understand your critical business functions and valuable digital assets from a business context.
● Post incident workshops and root cause analysis to identify lessons learned, adapt and emerge stronger.
“In cybersecurity, speed is the essential factor in limiting damage. The more time attackers can spend inside a target’s network, the more they can steal and destroy.”
- CrowdStrike (2019)
Our methodology and approach to incident response has been developed and refined over years of experience addressing major issues. Establishing a successful incident response capability requires substantial planning and resources. Tannhauser will support your immediate response requirements and help your business to become more resilient for the future.
- Your business needs and priorities
- Access to key people and resources
- Rapid response to cyber incidents
- Formal incident response report
Digital crime and forensic investigation services.
Digital forensic science focuses on the recovery and investigation of material found in digital devices related to cybercrime. The term digital forensics was first used as a synonym for computer forensics. Since then, it has expanded to cover the investigation of any devices that can store digital data.
“Digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information to reconstruct past events. The context is most often for the usage of data in a court of law, though digital forensics can be used in other instances.”
Our staff, tools and technologies can provide comprehensive forensic investigation services as part of an incident response or to recover digital evidence. Acquisition, analysis and reporting are undertaken by trained technicians, preserving and documenting evidence to support legal requirements and further action.
- Access to the digital device, preferably left turned on (if possible)
- Clear requirements and confirmation of legal ownership of the device
- Detailed forensics investigation report
- Forensic expert witness as required for court proceedings
Our Insights, Blog, and Case Studies provide the inspiration you need to address cyber security — and succeed as a business.