A mitigative perspective recognises that the best preventive measures are not impregnable.
This perspective hopes to use cybersecurity concepts to understand how systems on a network can still function, in the case of an attack or a breach. Currently, the most common reaction to an attack is to take the entire network or system down and restore to a backup when the attack has been stopped.
Taking down the entire network or system indiscriminately may lead to losses that could otherwise be prevented (only a small portion of the network/system may have been affected). This perspective aims to provide some insight on the options available during an attack by determining what services and functions are still usable.
An approach that you can take is to pre-emptively analyse the operating infrastructure before an attack. An example of such analysis is to model the dependencies between each component within an infrastructure. Understanding how each part fits in the grand scheme of things can give you an indication of how an attack can spread throughout your network. This information can be vital to understanding how an attack can impact functionality. Any reliance on third party providers and software should also be considered. This allows you to account for any attacks that may happen on the supply chain.
With the above in mind, one method of remedying the above is to ensure that you have sufficient redundancies present for critical components within your infrastructure. In other words, you should ensure that your system does not have a single point of failure.
An example of this would be to use two separate database servers and replicate data between the two in real time. If a failure or attack has been observed on one, you can switch to the other and resume normal operation in effectively no time. Another example is if critical components can be identified and isolated, appropriate software provided with a SaaS model can easily provide the necessary redundancies that your system needs to function. This is because a SaaS model usually means that the software provided are usually standalone or only have limited dependencies.
While a mitigative perspective provided methods and options where a preventive perspective could not, it is unable to measure how effective a spending strategy has been or provide a reasonable metric of whether current spending is sufficient. In our next post, we aim to provide an answer to the above by exploring cybersecurity from a risk and investment perspective, framing it as an operational risk.