As the world’s dependence on Internet-based technology grows, businesses are exposing themselves to an ever-expanding threat landscape. Unfortunately, a layered protection approach to security that intends to detect and fend off attacks is no longer good enough. Basic cybersecurity measures will prevent the majority of attacks, but proficient hackers will still be able to find holes in your defence. As Accenture puts it: “Absolute security is absolutely impossible”.
Today, organisations are complementing their cybersecurity strategies with cyber resilience.
What’s the difference between cybersecurity and cyber resilience?
Imagine a country that wants to build a wall to keep out unwelcome visitors. Even with a barrier in place, there’s still no guarantee that it will stop people from getting in. This is what cybersecurity is like: putting measures in place to prevent sinister characters from accessing information they shouldn’t and gaining control of your IT systems. When we build virtual walls aimed at mitigating every invasion, we’re working to achieve an unattainable goal.
A smarter approach is to develop and design assets that are difficult to attack. This way you can mitigate the impact and reduce the potential loss when an event happens. Cyber resilience is a “not if, but when” approach to cyber crimes. Essentially you build a wall as a security measure, but you have additional processes and safeguards in place to help you respond, recover and get back on track when someone gets in.
Cybersecurity’s main aim is to protect your IT systems, whereas cyber resilience focuses more on making sure that you can remain operational during a cyber event.
A relatively new concept, cyber resilience has gained momentum because there is still a chance that you’ll suffer some kind of attack, even if you have the best defence in place, and because severe cyber-attacks can have dramatic consequences. When you accept that the worst could happen, you’re better equipped to respond if it does.
Cyber resilience should form part of the business’s wider risk management and business continuity activities. It shouldn’t be something left to the security team. Instead, leadership must work hard to establish a culture that promotes the latest incident response and cyber-resilience strategies.