What is cyber resilience? The Oxford Dictionary defines resilience on its own as “the capacity to recover quickly from difficulties; toughness.” Narrowed to cyber resilience, the emphasis shifts from recovering to maintaining service. As noted on Wikipedia, it becomes “the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.”

I spoke with Matt Torrens, the COO at Sprout IT, regarding resilience. He gave me the following definition: “A true cyber resilience approach blends protection, detection, response and recovery to form an organization-wide, collaborative strategy.” As part of this definition, all three elements of the cyber security triad—confidentiality, integrity, and availability—are vital to an organization’s resilience. Resilience is essentially a holistic approach to preparing for, responding to, and recovering from an incident.

Here are some additional thoughts from Matt:

To protect businesses from cyber threats, we must first be able to recognize risks (combining threats and vulnerabilities) and go on to define solutions to help manage those risks. Response and recovery plans may then take many different forms but should always have the aim of enabling the organization to rally with minimal financial or reputational damage. When it comes to cyber security in general, organizations across all sectors still tend to emphasize protection over response and recovery. While cyber insurance has become more commonplace in the last few years, many organizations have still not considered how they would respond to a major attack at all.

From my experience, cyber resilient organizations are ones that put the thought into planning, explicitly record decisions and alignments within their risk register, and consistently carry out testing to validate that these decisions are accurate. Cyber resilience requires ongoing dedication for