There is a gathering storm before us. The technological bedrock on which we are building the future of humanity is deeply unstable and like a house of cards can come crashing down at any moment. It’s time to build greater resiliency into our global information grid in order to avoid a colossal system crash.
Marc Goodman – Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It
Never before has technology evolved at such a pace, further entwining individuals, businesses and societies together through the transfer and availability of information.
But it is this very fact that presents such huge dangers, especially when cyber criminals are often the most innovative and early adopters of the latest technological developments.
It wasn’t long ago that IT managers, CIOs and information security managers were trying to convince their boards that cyber security was an issue they needed to wake up to. Perhaps convinced by high-profile attacks and the regularity that cyber attacks now feature in the media, boards are finally coming round to the idea that they need to take a far more active role in how cyber risks are managed.
But the goalposts have shifted: cyber attacks are inevitable.
Cyber security + business continuity = cyber resilience
Cyber security reports all seem to have one thing in common: attacks are on the increase. The question is: can you realistically defend against a constant flow of ever-changing cyber security threats? Or is it more likely, in fact, that an attack is going to get through your defences at some point?
What businesses should be looking to achieve is a state of cyber resilience. Let’s clarify exactly what we mean here:
Cyber security is the state of protecting your information from attack by identifying the risks and establishing appropriate defences.
Cyber resilience accepts that there is a risk that an attack may be successful no matter how well prepared your defences are, and stresses the additional importance of incident management and business continuity planning.
Cyber security is no longer enough. If a successful cyber attack knocks your website offline, impacts your supply chain or exposes sensitive information, and you have no plan to respond and return to business as usual, then the results could be devastating.
An effective cyber resilience strategy will protect you from the majority of cyber attacks. In the event of a successful attack, however, you will be prepared to respond and recover. Information about any attack, successful or not, should then be fed back into the cyber resilience strategy to improve the state of defences.
“For the safety of your organisation, you need to prepare for cyber resilience, not cyber security.”
Cyber security expert Alan Calder, founder and chairman of IT Governance.
Find out more about this critical business topic and how you can start developing your own cyber resilience strategy by downloading our free green paper on cyber resilience today >>