If nothing else, the coronavirus pandemic was a wake-up call for security teams. As the world was hurled into distributed work, the downfall of the traditional ‘walled fortress’ approach to cybersecurity became undeniable. Attack surfaces are now larger than they’ve ever been.
And criminals know it. As reported by Business Insider, cybercrime spiked by 600% in 2020 alone. No matter the size of your business, no matter your industry or vertical, no matter your IT budget, you are a target. And if you aren’t, you will be.
It’s been well established by this point that no business is below the radar of cybercriminals, just as we know that traditional security controls, although still crucial, are no longer enough. Instead of cybersecurity alone, we must shift our focus to cyber resilience.
But what exactly does that mean?
What Is Cyber Resilience?
While cybersecurity is all about defending against digital threats, cyber resilience takes things a step further. Per cybersecurity agency Upguard, cyber resilience is concerned with maintaining effective operations while preparing for, responding to, and recovering from cyber incidents. It’s predicated on the belief that no matter how ironclad your security, there is always a chance someone might crack it.
In other words, cyber resilience anticipates the worst-case scenario and preemptively takes steps towards mitigation.
How Does a Business Practice Cyber Resilience?
According to a piece written for The World Economic Forum by Salesforce Chief Trust Officer Jim Alkove, the first step towards effective cyber resilience is to ensure your business has a handle on the basics. This includes threat detection and mitigation, lifecycle management, and employee education. From there, it’s a matter of wrapping resilience into every system, process, and department within your organization.
How that looks will vary by business. Every organization’s threat landscape and risk profile are a little different, so every organization will have a slightly different approach to cyber resilience. In the absence of an established framework or maturity model, the most we can offer is some general advice that should be broadly applicable to any organization.
- Know your critical assets.
- Visualize and map your ecosystem.
- Pay attention to your industry.
- Focus on security as a tool for enablement rather than a shield.
- Maintain a culture of trust and authenticity.
- Collaborate with industry groups, competitors, partners, vendors, and peers.
- Examine your onboarding process.
- Understand that cyber resilience is an ongoing process.
- Eliminate or upgrade legacy systems that may impede agility or pose a security threat.
- Implement effective data orchestration practices across the organization.
- Manage, monitor, and protect your attack surface across your entire ecosystem.
- Make governance part of your business’s day-to-day, and ensure there are systems in place to guarantee accountability.
The New Landscape Demands Resilience
Distributed work is here to stay. Cyberattacks are becoming more frequent and more sophisticated. And more and more of our critical infrastructure is being exposed directly to the internet.
In the face of this landscape, whether you’re in the public or private sector, cyber resilience is non-negotiable.