It’s been almost 40 years since science fiction writer William Gibson brought the word “cyber” to greater popular attention when he coined the term “cyberspace”. He chose the word because he needed “a really hot name” for the setting of his stories. “As I stared at it, my whole delight was that I knew it meant absolutely nothing,” he said.
Today, the term is as widespread as the computers and internet it most commonly relates to. As a result, we’ve become well-accustomed to the likes of cyberspace, cyber attacks and cyber security.
In this context, as more parts of our businesses have become cyber in nature, it’s no surprise that cyber resilience has become an essential part of broader business resilience.
Prepare for every eventuality
The starting point for cyber resilience is the recognition that cyber security is not infallible. It may not successfully thwart all attacks or protect against adverse cyber events. As well as having the best cyber security systems in place, it is important to address how you deal with a breach, malicious or accidental, if it happens.
If you’re prepared for an adverse cyber event, whether a deliberate attack, human error or natural disaster, you’re more likely to keep your IT systems and services up and running.
Get the basics right
There are varying views on how many “components” there are in a cyber resilience plan.
Generally, most people break cyber resilience into four components: preparation, detection, response and recovery.
Preparation: this involves identifying vital information and vulnerabilities, assessing and managing cyber risks to the business and implementing measures to protect critical infrastructure and services.
Detection: being able to detect cyber threats and adverse events when they happen, assess the damage and implement a timely response.
Response: set out a response plan to mitigate negative effects and maintain continuity.
Recovery: define how to recover to normal business operations.
It’s cyber but it’s the business
Cyber resilience is heavily intertwined with business resilience. Maintaining continuity of IT systems and services is critical, as business processes, functions and applications increasingly rely on them.
What’s more, trends that have taken centre stage in the COVID-19 pandemic, such as remote working and increased use of cloud applications, are reinforcing the business-critical role of IT.
Take risk assessment and management, for example. Businesses need to assess the risks of dealing with a widely dispersed workforce accessing and sharing company data and documents using home broadband networks.
If a cyber attack affects a remote employee, can you protect your critical systems? Can you detect that event when it happens and respond appropriately – and in a timely manner?
It may be worthwhile investigating whether there is a risk and cost argument for providing corporate managed home broadband connections to some remote workers, if not all.
Resilience plans should be revisited to account for business changes that have been made since the pandemic began.
Cyberspace might have been dreamed up, but there are plenty of all too real cyber threats that modern businesses need to contend with – and they are only increasing.
Cyber resilience gives you the capability to withstand those threats and bounce back afterwards.