Cyber Resilience - What's all the hype about?
- Grant McKechnie
- Feb 6

Cyber resilience today is a lot like swimming between the flags. You can be helped, but you need to make good choices before going in the water.
It cannot be avoided; technology is an integral part of everyday business operations, and resilience is becoming a competitive advantage.
Cyber resilience has many forms; however, this article defines it as “The ability of an organisation to withstand, adapt to, and recover from cyber threats and attacks.” It is a proactive approach to cybersecurity that focuses on preparedness, response, and continuous improvement. Those who have worked with me know I call it a hygiene approach to cybersecurity.
Several high-profile cyber incidents demonstrate that the consequences of not prioritising cyber resilience can be severe. For instance, the WannaCry ransomware attack in May 2017 targeted hundreds of thousands of computers globally. It is one of the most impactful cyber attacks in recent history. For those who do not remember, the attack exploited vulnerabilities in older versions of the Windows operating system, encrypting users' files and demanding ransom payments. The WannaCry incident highlighted the importance of maintaining up-to-date software and implementing robust cybersecurity measures to prevent and mitigate such threats. Simple mitigation, such as patching, would have made you resilient to this attack.
Similarly, the Equifax data breach in 2017 is another example of the consequences of inadequate cyber resilience. Hackers exploited a vulnerability in the company's web application to gain unauthorised access to sensitive personal information.
This breach exposed the affected individuals to identity theft and fraud and inflicted significant reputational damage on Equifax. Had Equifax prioritised cyber resilience by implementing proper security controls and response processes, the breach's impact could have been mitigated or significantly reduced.
As cybersecurity professionals, our role is to keep customer data safe and ensure the business keeps running smoothly. However, when the basics of cyber hygiene are not in place, this task becomes nearly impossible. There are numerous instances where focusing on cyber hygiene could have saved significant time and money.
Cyber resilience is not a luxury or a secondary concern but a necessity for organisations to meet their ethical and regulatory compliance requirements. Organisations adopting a proactive approach to cybersecurity can incorporate culturally enacted risk management. This strengthens their ability to withstand and recover from cyber-attacks and fosters a culture of collaboration and information sharing within the organisation and wider community, enhancing collective resilience against emerging threats.
My top five basics are:
- Patching - Applications, operating systems and network devices
- Awareness - Build a culture of cyber safety in your workplace
- Board Engagement - The board should know their obligations
- Robust Risk Management Framework - We need to know the risks to the business
- Cyber Training - For all IT technical staff; we need to share the knowledge across disciplines

Contact us for more details on how you can bring your organisation's cyber resilience to new levels.