Cyber threats like APT (Advance Persistence Threat), Malware, hacking, phishing, ransomware, and distributed denial-of-service (DDoS) attacks have the potential to cause enormous challenges for organizations. Not only can companies suffer serious service disruption and reputational damage, but the loss of personal data can also result in huge fines from regulators.
Some experts define cyber defence as preventing hackers from attacking your network and accessing your systems and data. Cyber resilience, they may view it, is about responding and recovering after an attack has happened. While they position cyber defence and cyber resilience as two separate activities, the reality is more complex than that. Cyber security can be seen as the first step in cyber resilience meaning any cyber resilience strategy must encompass cyber security.
This blog explains more:
If we map these two strategies with NIST -CSF (Cyber Security Framework), Cyber Defense is limited to Identify, Detect and protect pillars, however, Cyber Resilience also touches other two pillars i.e. Respond and Recover.
It should be clear by now that cyber security and cyber resilience are different but symbiotic. Some companies do still treat them as separate and inter-related solutions, often establishing cyber security and resilience policy frameworks and strategies. However, there is more value when cyber security forms an element of overall cyber resilience.
Why Cyber resilience over cyber security?
Cyber resilience starts with nailing the cyber security basics; at Wibmo, we call it “doing the common uncommonly well.” This includes regular risk assessment, patching vulnerabilities, detecting and mitigating threats, and awareness on how to defend company assets. But we need to be doing these things continuously, not just once a year.
The aim of cyber resilience is clear enough: to ensure operational and business continuity with minimal impact. But the reality can be harder to pin down because there’s currently a no good way to measure cyber resilience. As leaders, we need to have a certain level of confidence in our ability to respond to an attack, to maintain our customers’ trust, absorb the financial, legal, and brand impact and get back to business. But there is no widely-accepted cyber resilience framework, no maturity model, and I think there should be.
The four elements of cyber resilience:
I recommend a four-part approach to cyber resilience:
1. Manage and protect
The first element of a cyber resilience programme involves being able to identify, assess and manage the risks associated with network and information systems, including those across the supply chain.
2. Identify and detect
The second element of a cyber resilience programme depends on continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause any significant damage.
3. Respond and recover
Implementing an incident response management programme and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyberattack, and get back to business as usual as quickly and efficiently as possible.
4. Govern and assure
The final element is to ensure that your programme is overseen from the top of the organisation and built into business as usual. Over time, it should align more and more closely with your wider business objectives.
A cyber-resilient posture helps you to:
- Reduce financial losses;
- Meet legal and regulatory requirements:
- Improve your culture and internal processes; and
- Protect your brand and reputation