What is Cyber Resilience?
Cyber Resilience is the practice of sleeping better at night + waking up refreshed, feeling like a champion. Seriously. Since Cyber Security is dead, the only valuable strategy is Cyber Resilience, which means being prepared + knowing exactly how to respond to getting hacked so you can protect your reputation, your clients + partners + the bottom line. We simply call this Resilience.
Here are some key considerations when designing your Resilience Strategy:
Understand, Define + Prioritize Your Organization’s Risks
Resilience doesn’t work as an afterthought. It must be a critical strategic component for the whole leadership team, rather than a sole member’s responsibility. What that means is taking personal, legal, ethical, + financial responsibility for the organization’s exposure to compromise of any kind by regularly addressing + assessing the risks of failure + ensuring that Resilience is built into all areas of your business + operating model.
Understand, Define + Anticipate Consequences
Prolonged cybersecurity events in sectors concerning key infrastructure, such as communications, banking or transportation, are disruptive on a massive scale. Cyber disruptions of small + medium-sized businesses are equally disastrous, both for the organization + for the clients, partners + customers who trusted it. For any organization, regardless of size + scope, the failure or disruption of your complex systems, or the compromise of intellectual property, sensitive information (including commercial data, employee information + more) or data held in trust on behalf of partners + customers, is directly reflected in your reputation, credibility +, ultimately, your profitability.
Understand, Define + Document Your Systems + Data
The better your understanding + assessment of how your business uses technology, the better you will be able to define + prioritize your risk + the consequences of failure. You have to think like the bad guys in order to understand the value of your data to those who would compromise it. When you know exactly where that data is, how it is protected, who has access to it (including external sub-contractors) + what the risks are, then you are in a stronger position than your competitors + can better design a business model with Resilience in mind, for the long term.
Be mindful. There are providers out there who would suggest more complexity than you require. WIMZKL starts with the Resilience Diagnostic to determine what your business needs + what it doesn’t. Wherever you are in your planning, be careful + sure to consider this. No one wants to bring a tank to a knife fight.
There are dozens of ways to enhance your overall Resilience. Some are complex, but even integrating a few basic good practices helps minimize your organization’s exposure to a majority of attacks. These include regular patching of software + operating systems, limiting privileged access to the most valuable information across the organization + proper configuration of existing technology infrastructure, such as routers, firewalls + other defensive technologies. WIMZKL recommends not adding complexity but rather simplifying by better understanding what you already have + making it deliver more value for your organization.
Refine Good Practices in Redundancy + Response
Unless you’ve been living under a rock, you’ve read plenty about cyber attacks on businesses + government organizations of all shapes + sizes. These range from malicious destruction of data, DDoS (Distributed Denial of Service) attacks + ransomware to countless other human errors that lead to system failures + data loss. It is critical that you build in redundancy + regular, tested backups of your business data. Redundancy is essential to recovery after a successful cyber attack. For example, most people have no idea how often these backups fail when needed the most because the backup strategy was negligently allowed to fall into neglect.
Find a Long-Term Partner
Cybersecurity technology is more complex + expensive than ever. Most companies cannot afford the expertise + resources to achieve Resilience on their own, in-house. Find an external partner committed to helping your organization diagnose your resilience, define + prioritize your risks, implement a Resilience Strategy + stick around for the long term to sustain its value.
As attacks evolve in depth + breadth, awareness in your people becomes more + more important. Fostering a culture of awareness isn’t easy + is an internal responsibility. A solid, long-term partner is the difference between success + repeat failure.
Continue to Invest in Resilience
Resilience, along with awareness + the good practices that foster it, isn’t a single project. It’s an ongoing process that includes more than a single perspective in your learning. Done in a thoughtful + intentional way to build awareness in your people, this practice gains momentum + value the more true to the cause you are. Effective Resilience requires acknowledging the value of a regular investment of time, education + resources to further the overall awareness of people within your organization.
Foster a Culture of Awareness
We could have discussed this first because it is arguably the most important part of Resilience. While the vast majority of cyber attacks emanate from outside an organization, human error within the organization, caused by a lack of awareness + training, is the single largest contributor to security incidents that impact your business. Resilience requires the active participation of an entire culture, meaning not only the technical staff but everyone who accesses information systems + who, as regular, error-prone human beings, are often tempted to click on things they shouldn’t. Without regular awareness training + a culture that supports active learning, company spending, even on the most expensive + sophisticated Cybersecurity solutions, is not effective. A strong culture of Resilience, however, including an informed + committed staff, creates an environment that reinforces + rewards positive security practices.
People react positively to friendly, examples-based Cybersecurity training that gives them value they can use right away in their personal lives to protect their family, friends + the ones they care about most. Empowering people to use technology in new + more secure ways at home will encourage them to bring those habits + tools to work, which shapes the kinds of decisions they make at work. It doesn’t work the other way around.
Being transparent + sharing your own stories is valuable, too. Sharing our failures + triumphs adds value to our own cultures as we continue to pursue what we are all trying to achieve: an Internet that is safer for doing business today, tomorrow + into the future.
Looking for a Resilience partner? WIMZKL wants to help. Read more about WIMZKL’s Resilience practice: resilience.wimzkl.com