“There are two types of companies: Those that have been hacked, and those that haven’t yet discovered that they’ve been hacked.” – Former Cisco CEO John Chambers. These 2015 thoughts about the reality of cyber-attacks have proven to be eerily accurate. In today’s world, companies are faced with a significant proliferation of information, apps, systems, and devices. In other words, every company’s data resilience extends well beyond its internal data network. Cybersecurity has traditionally targeted the perimeter of the network – but as cybercrime becomes more sophisticated, the old-school approaches to resiliency are proving inadequate.
Cyber Resilience Defined
Accenture defines Cyber Resilience as “the ability to defend against attacks while continuing to do ‘business as usual’ successfully.”
A business can institute a cyber resilience strategy to rapidly respond to and recover from a cyber breach, maintain operations and service throughout the attack, recover effectively and learn from the experience – all of which will help a company to survive all subsequent attacks more effectively. Unlike cyber security efforts, resilience extends beyond IT system infrastructure to guarantee that critical business processes continue as much as possible during and after an attack.
Therefore, cyber resilience is a collection of best practices, technologies, and methods that mitigate risk to protect the company from those who would attempt to exploit it. There are various cyber resiliency levels, but each must address external and internal threats – from criminal hackers to negligent employees who never update their software. Comprehensive protection for any business is achieved through a mix of cyber resilience technologies and services that cover both risk mitigation and business continuity plans.
Cyber Resilience vs. Cyber Security?
The most concise way to explain the difference between these two concepts is this:
To keep them out, you need cyber security.
To know what to do when they’ve made it in, you need cyber resilience.
In reality, cyber security is an integral element of your overall cyber resilience strategy.
There is a basic flaw at the center of cyber security. The industry has evolved around the need to protect vulnerable systems, with layers of protection including firewalls, insider threat detection, spam filters, and DNS filtering. However, no matter how many protective layers are added, a vulnerable system is just that – vulnerable.
Unlike traditional methods of cyber security, resilience services don’t pile additional security on top of the infrastructure. Instead, they target how the infrastructure itself is developed, managed, and maintained. Cyber resilience addresses IT infrastructure, business procedures and processes, and the actions of employees.
The Importance of Cyber Resilience
Data breaches and cyber attacks can be financially devastating to a business, and the frequency of attacks is on the rise. According to Equifax, large companies average a loss of $700 million per attack – a staggering number. For small and medium-sized businesses, the impact can be even worse – perhaps not in total dollar amount but in the relative effect on their ability to recover. Some experts suggest that 60% of SMBs close their doors within six months of a major cyber attack.
Creating a Strategy
Cyber resilience should be approached as an enterprise-level strategy. Here are ten tips for structuring an effective cyber resilience strategy:
- Align the business data and cyber security with the digital transformation strategy.
- Cultivate a comprehensive cyber risk management culture.
- Identify the most vital assets, data, and information.
- Locate and mitigate vulnerabilities.
- Minimize project and production cyber risks.
- Optimize system reliability.
- Adapt security to reflect a prevention-based architecture.
- Commit to using the latest digital and defense solutions.
- Train teams regularly in resilience strategies.
- Scale your success by disseminating intelligence and knowledge.
Alliance IT is a Sarasota-based managed services company, and our team is staffed by cyber security and cyber resilience experts. If your business needs assistance, call today to learn more.