Embracing Cyber Resilience in Today's Cyber-Enabled World

Wednesday, May 06, 2015

Steve Durbin

Global cyber-attacks continue to grow more innovative and sophisticated. Data breaches at major retail brands have shown that cyber risk is an ever-growing concern for organizations around the world. In today’s cyber age, a company’s reputation – and the trust that exists among its suppliers, customers and partners – has become a target for cybercriminals and hacktivists.

Businesses of all sizes must prepare for the unknown so that they have the flexibility to withstand unexpected, high-impact security events. To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways that go beyond those traditionally handled by the information security function, since new attacks will affect not just technology but also business reputation and shareholder value.

Managing Information Risk

Today, risk management largely focuses on achieving security through the management and control of known risks. The rapid evolution of opportunities and risks in cyberspace is outpacing this approach, and it no longer provides the required protection. Cyber resilience requires recognizing that organizations must prepare now to deal with severe impacts from cyber threats that cannot be predicted. Organizations must extend risk management to include risk resilience, in order to manage, respond to and mitigate any negative impacts of activity in cyberspace.

Cyber resilience also requires that organizations have the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of those incidents. This means assembling multidisciplinary teams from business units and functions across the organization, and beyond, to develop and test plans for when breaches and attacks occur. Such a team should be able to respond quickly to an incident by communicating with all parts of the organization, with individuals who might have been compromised, and with shareholders, regulators and other stakeholders who might be affected.

All Hands on Deck

Cyber threats are no longer the domain of information security alone; all units within the organization are affected, as are external customers, suppliers, investors, the media and other stakeholders. Senior business leaders, preferably the chief executive or chief operating officer, should lead with a coordinated, collaborative approach that allows the organization to prepare for unpredictable events.

Organizations must be agile in order to prevent, detect and respond quickly and effectively, not just to incidents, but to the consequences of those incidents. An incident response team composed of representatives from across the organization should be created to develop and test plans for both before and after an incident. This team should be equipped and trained to respond quickly to an incident by communicating with all parts of the organization, with individuals who might have been compromised, with shareholders and regulators, and wherever else the impact can be felt.

Instituting a Successful Cyber Resilience Program

Organizations function in a progressively cyber-enabled world today, and traditional risk management isn’t nimble enough to deal with the risks from activity in cyberspace. Enterprise risk management needs to be extended to create risk resilience, built on a foundation of preparedness. Organizations have varying degrees of control over evolving security threats, from external cyber attacks to insiders.

A comprehensive cyber security program leverages industry standards and best practices to protect systems and detect potential problems, along with processes for staying informed of current threats and enabling timely response and recovery. Using a resilience-based approach to apply cyber security standards and practices allows for more comprehensive and cost-effective management of cyber risks than compliance activities alone.

Cyber resilience is about ensuring the sustainability and success of an organization, even when it has been subjected to an attack that is now almost inevitable. By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and to respond quickly and appropriately.
