Cyber Resilience: why is it relevant to have your own strategy?
Today we live in a technology-driven world and more and more companies rely on digital systems and resources to keep their business running effectively and efficiently.
The digital transformation involves a new vision about work processes in the whole organization and implies the adoption of new technologies, such as cloud computing, artificial intelligence, the Internet of Things (IoT) and the blockchain. They offer new opportunities to optimize products and services, but they also can hide specific risks about IT that could affect companies. Therefore, is key to implement safeguards to prevent it.
Indeed, cyber threats and attacks such as hacking, phishing, ransomware and Distributed Denial of Service (DDoS) can cause huge problems to companies, which doesn’t mean only severe service disruptions and reputational damage, but also a possible leak of personal data which can lead to heavy penalties from the authorities.
For example, let’s see the case of British Airways. In 2019, the airline was fined more than £183 million by the UK’s Information Commissioner’s Office (ICO) after customer data was leaked in a cyber attack: stolen information included name, address, login and payment card data and was collected by the hackers. The penalty, which amounts to around 1.5 per cent of British Airways’ 2018 global turnover, was the first proposed by the ICO under the General Data Protection Regulation (GDPR).
Cyber attacks nowadays can occur easily and in several sectors and situations, but if for a large company it may be easier to bear the costs of such a penalty, it’s not the same for small and medium-sized companies which can be financially devastated by the effects of a cyber attack. This is why investing in cyber resilience and cyber security is key to react to such events and remain safe and steady.
Cyber Resilience and Cyber Security have the same meaning?
Although cyber resilience and cyber security are two terms that refer to IT security and aim to safeguard systems from cyber attacks, they are not exactly the same thing.
A simplified definition of the two terms would describe:
- cyber security as a set of technologies and actions taken in order to mitigate security risks which describes a company’s ability to protect itself and avoid the growing threat of cyber crime;
- cyber resilience as the organization’s ability to react to threats and attacks, both from the inside and the outside, and recover data, avoid disruption service and mitigate damage to systems, processes and reputation carrying on the business.
The real difference between these two elements refers to the fact that some kind of IT vulnerability will always exist, no matter how much resources get invested in cyber security activities: indeed, cyber resilience actions aim to make companies able to overcome any shortcomings and recover if a cyber threat eludes security controls.
So, cyber resilience and cyber security are different, but closely related. If cyber security is a fundamental aspect of cyber resilience, planning the structure of a resilience plan is the foundation of cyber security.
What are Cyber Resilience’s principles?
An effective Cyber Resilience strategy is based on some fundamental principles:
- Identification refers to know the cyber risks and threats and be prepared to respond;
- Preparation refers to understand clearly the cyber security systems and processes and ensure that the technological solutions adopted can resist cyber attacks;
- Answer refers to the know-how needed to react promptly and effectively to a cyber attack, planning actions and techniques to use to deal with the situation and protect company systems in order to guarantee the continuation of activities;
- Recovery refers to the know-how needed to resume operations as soon as possible after a cyber attack and reduce the overall impact on the organization.
Stages of cyber resilience differ from company to company, but a good starting point is understanding where cyber events and incidents could have the most damaging consequences on the company. Therefore, it’s key to individuate high-risk activities and the most vulnerable systems to understand how the activity could be compromised.
To manage this, the digital twin concept can play an important role: a digital twin allows you to understand what the impact of a cyber attack could be on production and overall efficiency. This can help businesses to adopt a better approach, making the right decisions about the actions required to prevent and respond to cyber attacks.
Cyber resilience also involves the adoption of cyber security measures to mitigate the damage in the event of an attack. For example, offline emergency processes can be developed to keep essential activities running until the flaw can be fixed.
What are the key factors of a Cyber Resilience plan?
Cyber resilience is all about realizing about the increased awareness of vulnerabilities, the need for a technical preparation to contrast cyber attacks and the ability to find fast and effective solutions for the issues they can produce.
Several key factors need to be considered to prepare a Cyber Resilience plan, just check these questions and answer them:
- What to do in case of failure or violation?
- Who is responsible for taking these measures?
- How to communicate the incident and to report failures to authorities?
- How to recover data and restore normal operations as quickly as possible?
