Naveena Srinivas, enterprise analyst at ManageEngine, explains why it’s time for businesses to cultivate resilience as part of cybersecurity.
The pandemic has created new opportunities for eager cybercriminals to explore, and the rise in ransomware and mobile attacks is expected to continue in 2022. Much to the delight of hackers, many businesses in the United Kingdom introduced hybrid and remote work models last year, leaving networks and supply chains vulnerable to damaging disruptions. ManageEngine’s 2021 Digital Readiness Survey found that 83% of UK organisations have seen security threats increase as a result of the pandemic. Deepfakes, cryptocurrency, and mobile wallets are all thriving in the cyber threat landscape, causing a security headache for organisations struggling with their resources and approaches.
Of course, no company can afford to fix all cyber issues. While investing in the right tools and people to combat cybercrime is still crucial, investments alone are no longer enough to keep criminals at bay. Developing a cyber resilience strategy can, however, be the answer.
Creating a cybersecurity culture
Even with best practice guides, small and medium-sized enterprises (SMEs) and developing industries often struggle to understand cybersecurity and their responsibilities, leading to their network defences being breached. The tools and frameworks are there to help protect their systems, but the lack of awareness and understanding amongst their employees is a risk factor that cannot be ignored.
With hybrid work likely to stay, businesses must ensure employees are cyber-aware, even when their devices are not being monitored. Increasing company-wide awareness of cyber risks will encourage employees to exercise safer practices online and play their part in protecting the company’s assets. Creating a cybersecurity culture will strengthen existing security measures, cultivate stronger team collaboration, and save money and resources that would otherwise be spent on recovering from an attack.
Key steps to building a cyber-resilient business
Companies that show resilience and do well during a crisis are the ones that take precautionary measures first. This helps them feel less overwhelmed and more prepared to maintain high performance when a cyberattack strikes. Preparedness also helps prevent or reduce fines for violating regulations such as the GDPR. Fines can be heavy, as was the case for British Airways, which had to pay nearly £20 million for a data breach that occurred in 2018.
For SMEs struggling to protect themselves with only limited cybersecurity resources, a cyberattack could lead to devastating consequences, including serious disruptions, reputational damage, and huge fines. To avoid these, organisations need to include cyber resilience in their cybersecurity culture.
The term cyber resilience may sound unfamiliar and ambiguous, but it is simply about how people react in the aftermath of an attack. While a well-designed cybersecurity strategy aims to prevent attacks, a cyber resilience strategy aims to soften the impact of attacks by focusing on a few key steps.
The first step is evaluating employees’ cybersecurity awareness. This involves ensuring that they understand cybersecurity and educating them on how certain behavioural changes will better protect their entire team and the organisation.
The second step is setting clear, simple goals. A company’s strategy should state what cybersecurity stands for, why it is essential for employees to participate, and how their behavioural changes will improve the security of the organisation.
Third, adopting a top-down approach will prove helpful. Leaders should demonstrate strong cybersecurity hygiene and foster an environment where employees feel cybersecurity is everyone’s responsibility. Leaders should also understand the risks specific to them and their industry in order to create apt policies for everyone to follow.
Fourth, it is important to effectively identify, protect, detect, respond, and recover. Building a cyber resilience strategy requires keeping critical resources in mind, creating a detailed incident response plan, monitoring all activities, and making a swift decision on the best course of action during an attack. A major aspect is restoring business functions and affected resources as quickly as possible so that the business can return to normal.
Lastly, cyber resilience is about nurturing relationships and creating fruitful partnerships with peers, public entities, and competitors in order to combat cybercrime more effectively. Polishing hiring and onboarding strategies will ensure that everyone on the team is on the same page when it comes to safe security practices.
Cyber resilience boosts cybersecurity effectiveness
The aim of cyber resilience is to ensure the continuity of business operations with minimal impact. It helps businesses gain confidence in their ability to respond to cyberattacks, maintain trust with stakeholders, absorb the financial, legal, and reputational impacts, then get back to normal. A cyber resilience strategy, much like a cybersecurity strategy, must be revisited and reinforced regularly.
Cyber resilience is a framework that should scale for the industry and focus on the people, processes, and technologies required to ensure resilience across entire value chains. With today’s hybrid work models and changing cloud infrastructures, it is cyber resilience that will keep businesses and their customers secure. Therefore, if companies want to stay one step ahead of cybercriminals and recover faster from damaging attacks, they need to integrate cyber resilience into their business models and promote it amongst employees.