Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2
        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services

        Infrastructure as a Service

        Take a 30-day free trial of 11:11 Cloud.

        Cloud hosting built for your business.
        START FREE TRIAL
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Network Consulting Services
        Connectivity Services

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Free Trial
Tags: Backup and disaster recoveryThe NIST CyberSecurity FrameworkCybercrimeManaged Security Servicessecuritycyber threatsData ProtectionDraaSCloud ServicesDisaster RecoveryRansomware
Author: Brandon Leiker
Date: September 16, 2024

What is cyber resilience and how can my organization become cyber resilient?

There are a lot of fancy buzzwords in cybersecurity. One of this year’s most popular terms is Cyber Resilience but it is far from just a buzzword! In fact, The World Economic Forum agrees stating  “Cyber resilience is more than just a buzzword in the security industry; it is an essential approach to safeguarding digital assets in an era where cyber threats are not a matter of IF but WHEN.”

With cyber incidents like ransomware on the rise Check Point’s 2024 Cyber Security Report  mentioned that there were over 5000 publicly extorted ransomware victims in 2023.  This is  a 90% increase from the prior year.  So with these alarming statistics, what can organizations do to protect their networks and data?  To start it might be helpful to understand what cyber resilience really means.

The National Institute of Standards and Technology (NIST) defines cyber resilience as “The ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.”  This means that organizations need to adopt a holistic and comprehensive strategy for managing cyber risk, built on people, process, and technology.

To achieve this goal, organizations should align their cybersecurity program to a recognized industry framework to identify and close gaps and ensure completeness.  The NIST Cybersecurity Framework (CSF) is a flexible and adaptable methodology, enabling organizations to develop a comprehensive approach to cybersecurity and managing risk.

Earlier this year NIST released the much-anticipated version 2.0 of the ten year old framework. This update revised the framework’s focus to help all organizations, regardless of size or industry, manage and reduce risk vs the previous focus on critical infrastructure. It also expanded the framework from five core functions; Identify, Protect, Detect, Respond and Recover to include a sixth core function named Govern.

Through alignment with a framework such as the NIST CSF organizations can implement a comprehensive defense in depth strategy for cybersecurity. This is accomplished by leveraging the appropriate balance of administrative, technical and physical controls (also known as safeguards) necessary to achieve their risk management goals from both a proactive and reactive perspective.

Administrative controls are the policies, standards, and procedures that define an organization’s expectations, criteria for meeting those expectations, and how it will be accomplished. Technical controls are those hardware and software solutions that are implemented to provide protection of systems and data. Lastly, physical controls and those security controls that provide protection of an organization’s physical locations and assets.

There are five types of controls: preventative, detective, corrective, deterrent, and compensating. It is through the layering of controls that enables organizations to achieve defense in depth.

 

To become cyber resilient organizations must establish numerous capabilities as outlined within the NIST CSF.  Here is a summary. 

  • A cybersecurity risk management strategy, expectations, and policies. This includes establishing roles and responsibilities to declare who is responsible, accountable, consulted, and informed regarding decisions, activities, and oversight. Defining the organization’s risk appetite and tolerance, enabling an organization to determine how identified risks should treated and prioritized. Formalizing policies, standards, and procedures to define expectations regarding the use of technology, including what it can be used for, how it will be used, requirements for security, and operating procedures.
  • Cybersecurity risk assessment capabilities to enable the identification and assessment of risk. This capability is dependent on the foundational ability of maintaining an up-to-date inventory of assets, including applications, systems and data. If an organization does not understand their assets, including the locations of those assets it is not possible to accurately assess risk. Risk identification can be accomplished by conducting periodic business impact assessments, tests and audits. After a risk has been identified it should be assessed to understand its severity. The established risk management strategy, appetite and tolerance will provide guidance on whether an assessed risk should be accepted, mitigated, transferred/shared, or avoided. Processes need to be established to continuously improve based on information provided through exercises, tests, and lessons learned.
  • Safeguards to protect technology assets and reduce cybersecurity risk. Assets should be protected commensurate with their level of sensitivity and criticality. To facilitate this, segmentation and communication control should be leveraged to isolate and restrict communication between of different asset classifications. Encryption should be used to protection data at rest and in transit. Solutions should be implemented to prevent the installation and execution of unauthorized and malicious software. Identity and access management (IAM) with multifactor authentication (MFA) to identify, authenticate and authorize entities using role-based access control (RBAC) following the principle of least privilege. A security awareness and training (SAT) program should be established to educate all users of cybersecurity risks, as well as an organization’s policies and procedures.

 

Change and configuration management should be implemented and formalized, ensuring configurations are aligned with best practices and defined standards. Changes are evaluated to determine their potential impact and risk. A multitiered backup strategy aligned to the 3-2-1 rule should be implemented to enable the recovery of assets with specified recovery point objectives (RPOs). Business continuity and disaster recovery strategies should be established to enable the continuation of operations and ability to recover technology assets.

 

  • Capabilities to monitor and correlate security event information from assets to enable the detection anomalous or malicious activity. The ability to analyze discovered adverse events 24/7/365 to identify cybersecurity attacks and incidents. A security information and event management (SIEM) solution should be implemented to aggregate, normalize, correlate and retain event information. Threat intelligence and indicator of compromise (IOC) information should be incorporated to enhance detection and analysis capabilities.
  • Capabilities and documented plans to effectivity and efficiently respond to identified cybersecurity attacks and incidents. Clearly defined and documented processes for declaring, determining the severity, prioritizing, escalating and documenting a cybersecurity incident. Endpoint detection and response (EDR), security orchestration, automation and response (SOAR and other solutions should be leveraged to streamline containment and response activities. Processes should be established to appropriately communicate with internal and external stakeholders as well as the public during and after a cybersecurity incident.
  • A strategy and capabilities to effectivity and efficiently recover assets impacted by cybersecurity attacks and incidents. Clearly defined and documented criteria and processes for declaring a disaster, determining the recovery required, scope of the recovery, prioritization of resource recovery and successfully carry out recovery activities. This includes verifying the integrity of recovery media and that recovered assets are in a known good and clean state. Validating that recovered assets were restored successfully and operate as expected. Information about the recovery activities and progress should be appropriately communicated to internal and external stakeholders. Updates to the public should be communicated using approved procedures and messaging.

 

A nearly limitless number of risks exist each with the potential to compromise and disrupt technology solutions which are vital to conducting business. These risks are quite diverse; ranging from ransomware, hacktivism, insider threats, cyber-gangs, nation states, and script kiddies. With that, it is imperative that organizations achieve a state of cyber resilience to enable them to thrive in the face of these adverse conditions and actors.

 

To learn more about cyber resilience, cyber incident recovery, and data security please check out the following resources from 11:11 Systems.

  • Cyber Resilience Webinar
  • Cyber Incident Recovery
  • White Paper – Data Security
Categories: Cyber Resilience, Managed Services, Identity Theft, Cloud Backup, Cybercrime, DRaaS, Ransomware, SecurityBy Brandon LeikerSeptember 16, 2024
Tags: Backup and disaster recoveryThe NIST CyberSecurity FrameworkCybercrimeManaged Security Servicessecuritycyber threatsData ProtectionDraaSCloud ServicesDisaster RecoveryRansomware
Brandon Leiker

Author: Brandon Leiker

Brandon Leiker is a Principal Solutions Architect, Security at 11:11 Systems. In his role, Brandon supports the global solution architecture team by leading security discussions and designing security solutions. He has over 20 years of experience in IT and security across multiple verticals including energy, financial services, medical, banking, and manufacturing. Brandon’s background includes solution architecture, implementation, administration, security operations, and strategy, as well as governance, risk management, and compliance. He holds a master’s degree in Information Assurance Management and a bachelor’s in Information Networking and Telecommunications, both from Fort Hays State University in Kansas. In addition, Brandon holds numerous industry certifications, including CCSP, CISSP, CISA, CISM, CRISC, and CCISO.

Post navigation

PreviousPrevious post:The Importance of Operational Resilience in Private Equity: Safeguarding and Enhancing Portfolio ValueNextNext post:Why the disaster recovery strategy my company has always used may not be enough.

Related Posts

Better Network Visibility with New 11:11 Cloud Console Tools
August 21, 2025
How to Make the Case for Cyber Resilience
August 19, 2025
Graphic depiction of a backup repository
Simplify VBR Direct Repository Migration with VeeaMover
August 11, 2025
VMware Partner
Major VMware Partnership Announcement and How 11:11 Systems Keeps You Moving Forward
July 16, 2025
Entra ID
Recovering Entra ID with Veeam
July 16, 2025
Digital Operational Resilience Act (DORA)
Helping the Financial Sector Deliver Secure and Modern Infrastructure through Regulation
July 10, 2025
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2025 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top