Resilience is the ability to adapt and recover well in the face of problems. It doesn’t mean that the problems, whatever they are, don’t affect you, but that you can manage the upheaval they’ve caused and ‘bounce back’.
For businesses, cyber resilience is the ability to keep the business running—or at least to get back to normal operations quickly—when under cyber-attack or experiencing some other cyber-related problem.
The difference between cyber security and cyber resilience
Cyber security and cyber resilience are clearly related, and many of the tasks involved overlap.
While cyber security is about putting defences in place to prevent attacks, cyber resilience is about what you do when the defences fail. It’s about the ability to respond to an attack effectively, and recover quickly, minimising the disruption to the business.
Given the increasing probability of an attack, an organisation needs cyber security to defend itself, but also the resilience to cope if an attack occurs. This resilience must be considered and developed in advance.
How to become cyber resilient
While not a quick or easy task, the aim is to build resilience into the operations of the business. Cyber resilience focuses on those business operations that depend on cyber resources: information resources that are held, managed and used electronically, and that can be accessed over a network.
Many of the preparation tasks for cyber resilience are the same as those for cyber security.
It is important that you:
- Identify your risks and assets.
  - Know what your business assets are: what needs to be protected.
  - Know what your infrastructure assets are, and what vulnerabilities they may have. This should include devices used by people working from home, and any personal devices connected to your network under a BYOD policy.
  - Know what supply chain risks your business might face.
- Protect your systems. Follow good cyber security practices to reduce the risks to them, including:
  - Keeping software and firmware up to date wherever possible.
  - Securing all devices, computers and the perimeter of the network.
  - Protecting access to systems, particularly administrator accounts.
  - Training employees to recognise phishing and other security risks.
- Prepare for an attack (or for a major cyber problem) by:
  - Segmenting your network so that malware which gets into one part cannot spread freely to the rest.
  - Ensuring that backups are taken regularly and protected from corruption or deletion, with at least one copy kept offline or otherwise out of reach of anyone who compromises the network.
  - Checking regularly that backed-up data can actually be restored. A backup that has never been restored is an assumption, not a safeguard.
  - Developing, and testing regularly, a disaster recovery plan.
  - Considering resilience as part of your systems architecture. Think about where your single points of failure are, and whether you need to add redundancy (additional devices that take over if one fails).
- Detect an attack as quickly as possible. If you know what 'normal' looks like on your network, you can be alert to deviations from it. Firewalls and malware protection, together with other monitoring software if needed, give you the logs and alerts to do this.
- Know how you would respond to an attack or other disaster.
  - Develop (and practise) a response plan. It should identify who will respond, and what they will do, in a variety of different scenarios.
  - Develop (and test) a business continuity plan, so that the business knows how best to keep critical functions working until normal operations can be resumed.
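The two backup points above (taking protected backups, and regularly checking that they can be restored) are the ones most often left untested until they are needed. The following Python script is an added example, not code from the original article or from Click and Protect: it records a SHA-256 manifest for a backup set and then checks a restored copy against that manifest, reporting files that are missing, truncated or silently corrupted. The directory layout, file names and contents are constructed for the demonstration, and the manifest file name is an assumption rather than any standard.

```python
"""Backup integrity and restore check.

Added example (not from the original article): write a SHA-256 manifest
for a backup set, then verify a restored copy against it so that corrupted,
truncated or missing files are found during a scheduled test rather than
during a real recovery. All paths and file contents are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256.json"  # assumed name for this example, not a standard


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir: Path) -> dict:
    """Record the size and SHA-256 of every file in the backup set and save it alongside."""
    manifest = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file() and p.name != MANIFEST_NAME:
            rel = p.relative_to(backup_dir).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    (backup_dir / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(restore_dir: Path, manifest: dict) -> list[str]:
    """Compare a restored tree against the manifest and return a list of problems (empty = OK)."""
    problems = []
    for rel, expected in manifest.items():
        p = restore_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
            continue
        if p.stat().st_size != expected["size"]:
            problems.append(f"size mismatch: {rel}")  # truncated or partially restored
        elif sha256_file(p) != expected["sha256"]:
            problems.append(f"checksum mismatch: {rel}")  # same size, altered content
    # Files in the restore that the manifest never recorded are also worth flagging.
    for p in restore_dir.rglob("*"):
        if p.is_file():
            rel = p.relative_to(restore_dir).as_posix()
            if rel not in manifest and rel != MANIFEST_NAME:
                problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed backup set and restore it twice: once intact, once damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (...);\n" * 50)
        (backup / "config.yaml").write_text("retention_days: 30\n")
        manifest = write_manifest(backup)

        # 1) A clean restore verifies with no problems.
        good = Path(tmp) / "restore_good"
        shutil.copytree(backup, good)
        good_result = verify_restore(good, manifest)

        # 2) A damaged restore: one bit flipped in a file, another file absent.
        bad = Path(tmp) / "restore_bad"
        shutil.copytree(backup, bad)
        data = bytearray((bad / "db" / "customers.sql").read_bytes())
        data[10] ^= 0x01  # simulate silent corruption that leaves the size unchanged
        (bad / "db" / "customers.sql").write_bytes(bytes(data))
        (bad / "config.yaml").unlink()
        bad_result = verify_restore(bad, manifest)
    return good_result, bad_result


if __name__ == "__main__":
    good, bad = demo()
    print("intact restore:", good or "OK")
    print("damaged restore:", bad)
```

Run it as a script to see a clean restore pass and a damaged one fail. In a real restore test the copy would come from the actual backup media into a scratch location, on a schedule, and the manifest would be stored separately from the backup it describes, so that whoever corrupts or encrypts the backup cannot also rewrite the record used to check it.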
Once you have worked your way through an attack, don't forget to update your plans with what you've learned: what went well, and what you would do differently next time.
If you are lucky, you’ll never need to use your prepared plans. However, if you are attacked, you’ll be more resilient as a result of your preparations, and better able to manage the recovery process.
If you’d like help with developing your cyber resilience, whether you’d like to review your system architecture or develop a business continuity plan—or anything else on this list, of course—do contact Click and Protect, or call us on 0113 733 6230.