Cyber Resilience Made Simple

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks.

It has emerged over the past few years because traditional cyber security measures are no longer enough to protect organizations from the spate of persistent attacks.

According to Mimecast’s The State of Email Security Report 2020, 31% of organizations experienced data loss due to lack of cyber resilience preparedness.

Cyber resilience helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.

The Four Elements of Cyber Resilience

The IT Governance Cyber Resilience Framework recommends a four-part approach to cyber resilience:

Manage and Protect

First element

The first element of a cyber resilience program involves being able to identify, assess and manage the risks associated with network and information systems, including those across the supply chain.

It also requires the protection of information and systems from cyber attacks, system failures and unauthorized access. 

This stage should cover:

  • Malware protection 
  • Information and security policies 
  • The formal information security management program 
  • Identity and access control 
  • Security teams’ competence and regular training
  • Security staff awareness training 
  • Encryption 
  • Physical and environmental security 
  • Patch management 
  • Network and communications security 
  • Systems security 
  • Asset management   
  • Supply chain risk management

Identify and Detect

Second element

The second element of a cyber resilience program depends on continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause any significant damage.

This stage should cover:

  • Security monitoring 
  • Active detection

Respond and Recover

Third element

Implementing an incident response management program and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyber attack, and get back to business as usual as quickly and efficiently as possible.

This stage should cover:

  • Incident response management 
  • ICT continuity management  
  • Business continuity management  
  • Information sharing and collaboration

Govern and Assure

Fourth element

The final element is to ensure that your program is overseen from the top of the organization and built into business as usual. Over time, it should align more and more closely with your wider business objectives.

This stage should cover:

  • A comprehensive risk management program 
  • The continual improvement process 
  • Governance structure and processes 
  • Board-level commitment and involvement 
  • Internal audit 
  • External certification/validation

The benefits of cyber resilience

A cyber-resilient posture helps you to:

  • Reduce financial losses;
  • Meet legal and regulatory requirements: regulations such as the NIS (Network and Information Systems) Regulations and the GDPR (General Data Protection Regulation) call for improved incident response management and, in some cases, business continuity management;
  • Improve your culture and internal processes; and
  • Protect your brand and reputation.

How we can help you develop cyber resilience

Support911.net is a leader in global cyber risk and privacy management consultancy. We advise businesses on their most critical issues and present cost-saving and risk-reducing solutions based on international best practice and frameworks. Just as we’ve helped hundreds of other organizations globally, we can help you.

Call (408) 426-5522.