Businesses need to think beyond cybersecurity and focus on cyber-resilience
If there’s one lesson we learned, it is that the pandemic changed the face of smart connectivity, digital transformation and human connections in ways never witnessed before. We’ve seen a massive technological disruption in the business landscape.
As the complexities of the business context have evolved, the top concern of each business has become the rise in the frequency of ransomware attacks and their level of sophistication, along with social engineering attacks and malicious insider activity. This demonstrates how imperative it is to reinforce cybersecurity measures.
Statista research shows cybersecurity incidents remain one of the main disruptors to business operations, with a total of 244 published ransomware attacks as of November 1 last. The industries most affected by ransomware are government at 47, followed by education at 35 and healthcare at 33. Moreover, the Middle East alone has experienced a series of DDoS attacks, cloud threats, and critical vulnerabilities in the most used applications.
For those who still doubt whether they should develop and implement a well-defined cyber resilience strategy, I am confident in saying that the time is now. In this day and age of hyper-connectivity, IT systems share a global risk of exposure. As we evolve into a knowledge economy - where security, connectivity and sustainability will be at the forefront of all conversations - the market will take a significant step from cybersecurity toward cyber resilience.
One of the key topics at the World Economic Forum was that cybersecurity, once relegated to the IT department, is quickly evolving into a key business enabler if managed well. If executed poorly, it could lead to disastrous results. Yet, while there seems to be a mindset change around cybersecurity, with a gradual shift towards cyber resilience, businesses seem slow to make the change.
Aim at longer term
Why cyber resilience? Economies can only be as resilient as the collective resilience of businesses, governments and individuals. While companies may be limited in preventing attacks, they can still take bold steps toward managing and successfully mitigating any kind of threat by investing in a robust cyber resilience strategy. Cybersecurity is no longer the end game, and we must not stop at just preventing a data breach or reducing the risk of malicious attacks. We must go further by creating a strong business continuity plan that incorporates cybersecurity controls at every step and has a well-structured incident response and recovery plan.
There are several points to consider when creating a cyber-resilience strategy and measuring how effective it is for your organisation. Here are some of my recommendations.
- Assess the number of dedicated specialists the managed security service provider (MSSP) has for creating the right cyber resilience strategy, and whether these resources are based in your country of operations or elsewhere.
- Ensure their operations comply with the regional regulations and maintain data residency as agreed.
- Double-check that they have strong capabilities in assessing your entire infrastructure, improving your security maturity and business resilience.
- Most important, validate that they are a trusted company that knows how to safeguard your digital assets and support your digital transformation journey.
The key is this: while a cybersecurity strategy can help prevent a data breach or reduce the risk of malicious activity, a cyber-resilience strategy specifically helps mitigate the impact of these attacks. The rate of cyberattacks will most likely increase and a cyber-resilience strategy must become part of the business continuity planning and disaster recovery strategy development for any business.
As Help AG, the cybersecurity arm of e& enterprise, we have worked with various industry verticals such as banking, government, energy and utilities, healthcare, education, retail, and aviation. Our experience has shown us that cybersecurity or cyber resilience is not the job of an individual, an IT professional, or a department. It is the responsibility of all.
Even as we provide strategic consultancy, tailored security solutions and future-ready services in terms of technology to clients, it takes both parties to stay committed to the end goal of safeguarding the organisation from future threats.
Building a business continuity plan or disaster recovery strategy to address gaps in an organisation's cyber resilience strategy will not happen overnight. Through the combination of preventive, detective and responsive methods that we use, companies can emerge resilient in the face of any cyber-attack and ultimately maximise their level of protection against ad hoc threats and attacks.