In the twenty-first century, cybersecurity is essential for organizations to operate and grow with some peace of mind that systems are in place to protect their networks, data, and devices from breaches, criminal use, and unlawful access. And yet, strong cybersecurity practices may not be enough for them to weather threats to their data in the coming years. The reality is that the rate of cybercrime keeps increasing – it is estimated that one cyberattack happens every 11 seconds, and cybercrime could cost $10.5 trillion globally by 2025.[1] As cyberattacks and threats continue to increase, the goal is no longer just to prevent attacks, but to be able to stand strong and weather the storm when one occurs – this is known as cyber resilience.

Cybersecurity vs. Cyber Resilience

Cybersecurity is how organizations protect themselves against cyber threats and crime. Typically, organizations implement a reputable cybersecurity framework to help better understand, manage and reduce cybersecurity risk to their networks, data, and devices. Commonly used frameworks are provided by the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO) and the Center for Internet Security (CIS). For example, the NIST Cybersecurity Framework works in five different areas: identify, protect, detect, respond and recover. While these frameworks are voluntary, they serve as a useful tool to outline some of the best practices to help organizations build and enforce cybersecurity protection that best suits their needs and risks.

While cybersecurity measures focus on reducing the risk of attacks and breaches and preventing them from occurring, cyber resilience acknowledges that not all attacks can be impeded. Therefore, organizations should also consider a plan to mitigate and minimize any damage or losses resulting from cybercrime. Cyber resilience focuses on an organization’s agility to maximize and swiftly restore essential functions that are compromised, taking a more proactive approach to the effects and impacts of threats, risks and attacks.

Incorporating a Cyber Resilience Mindset

Organizations hoping to add cyber resilience to their cybersecurity strategy can develop plans for responding once an attacker gets through, to lessen the impact of a breached system, compromised network and exfiltrated data. One great place to start is a cyber resilience review, which provides insight into an organization’s operational resilience and cybersecurity capabilities, including answers to questions like the following:

  • Where in the organization could cyber attacks have the most damaging effects?
  • What operations rely upon technology to function?
  • Where do we store sensitive and valuable information?
  • Can any essential functions keep going through offline processes in the event of an attack? (These may include finance, quality assurance, customer service, etc.)
  • Do we currently have a cyber incident response plan that addresses who, what, where, when and how to recover lost data and restore normal operations?

Implementing Cyber Resilience

Implementing cyber resilience in your organization can take a few different forms. For example, you may incorporate redundancy into certain network systems so that they still function when parts are removed. Networks may also be segmented to prevent the spread of attacks. And of course, data should always be backed up and encrypted, making it useless to bad actors in the event of an attack. As a final line of defense, incident response and business continuity plans can lessen the impact and continue operations until systems are returned to normal. The goal should be to keep your business going regardless of who may access your data and networks, whether good or bad.

Whether you are well-versed in cybersecurity best practices for your organization or in the early stages of developing the implementation of a framework, Windham Brannon is here to help you assess your risk and identify the right solutions to keep you protected and secure. For more information about cybersecurity and cyber resilience for your organization, contact your Windham Brannon advisor or reach out to Al Tanju.

[1] Morgan, Steve. Cybercrime to Cost the World $10.5 Trillion Annually by 2025. Cybercrime Magazine. Nov. 13, 2020.