02 Aug The key for resilience is preparation
The Key for resilience is preparation. Is there a best way to prepare for (a possible) attack?
Companies prepare business continuity plans all the time to ensure smooth operations in case of crisis. New threats evolve on a regular basis and lately a surge in cyber threats has been experienced, ranging from phishing attacks, malware, ransomware and DDoS attacks.
Cyber resiliency is the ability of the company to still deliver its core business services even during a cyber-attack. Resilience is not simply having a disaster recovery plan or a set of standard operating procedures – it goes beyond! It is a matter of mindset… of planning … of investments and of architecture.
Below are a number of tips for improving your organisation’s Cyber-Resilience
Train your employees
Cyber security awareness empowers employees to identify cyber threats and the repercussions they may have on the business. Understanding vulnerabilities, directly improves your workforce’s defensive skills and thus improves the cyber resilience of your organisation vis-a-viz cyber risks.
Up your security systems
On a regular basis analyse and test both the digital and physical surfaces of your business, to discover any vulnerabilities and security holes (before cyber criminals!). Audit your data, systems, applications, hardware and physical facilities to identify any flaws. Implement and keep up-to-date security systems to keep cybercriminals at bay. Anti-malware software, Firewalls and proper anti-virus, encryption tools, and packet sniffers are security tools that need to be present in any company, irrespective of their size. These systems need to be part of the overall security policy of the company and a team of responsible professionals are to manage the space.
Understand Cyber attackers and their methodologies
Understanding the attacker’s mindset, aims and objectives and the value of your assets helps in understanding the posed cyber threats and risks. Expect cyber attacks anytime and have protective measures prepared for such situations. Plans are to be in place to have fall-back systems or an architecture that can continue operating even in/with a limited capacity. Always be vigilant and have procedures in place to defend, recover and restore your systems in the unfortunate event of an attack.
Engage a security partner?
Proactivity is key in the cybersecurity world. It is recommended that organisations engage trusted security experts to assess digital assets (systems, servers, networks, applications) and physical security of areas that hold sensitive data (such as CEO office and Archives). Security service providers add value by reviewing and assessing current security solutions, existing cloud infrastructure, core business software and provide a set of recommendations based on identified vulnerabilities and weaknesses. Such an engagement needs to be ongoing in nature and not a one-off task.
Security incidents such as data breaches can put your business at risk. There is no right time to shield against an attack – you need to always be prepared for possible cyber attacks. Cybersecurity needs to move up your priority list, when setting the agenda and direction of the company. The Covid-19 pandemic has taught us that curveballs do not wait for anyone and come as a total surprise. Lagging in cybersecurity (and therefore cyber-resilience) is a critical error!