
Having a cyber resilience plan on top of your cybersecurity strategy

Written by Jenny Carter, blogger.

The aftermath of a cyber attack can be devastating to a business. In the headlines, we see news of industry giants such as Uber paying out hundreds of millions in regulatory fines, but smaller companies are just as affected. According to CNBC, the average cost of a cyber attack runs at $200 000, a hefty amount that’s likely to put most small to medium-sized businesses out of action permanently.

With cyber attacks rising in frequency and given the increasingly dynamic, sophisticated nature of today’s threats, it’s becoming apparent that traditional cybersecurity measures aren’t enough to help companies weather the threat storm.

Cyber resilience is gaining prominence among business leaders and security experts alike. As a practice and a concept, cyber resilience is more well-rounded than cybersecurity measures alone and better suited to the needs of today’s businesses.

Here we look at the differences between cyber resilience and cybersecurity, and how the two are linked.

What is cyber resilience? 

We can broadly define cyber resilience as an entity’s ability to prepare for, respond to, and recover from a cyber attack. The concept has emerged recently because tried-and-tested cybersecurity measures do not fully cover the needs of companies.

For example, an attack has effects that are lasting and ongoing, including a loss of reputation and clientele. Cyber resilience helps an organisation protect against attacks, limit severity, and ensure its continued operation after an attack occurs.

This doesn’t mean that traditional cybersecurity measures are no longer valid. On the contrary, they form an essential part of a robust cybersecurity strategy, but alone they may not be enough to guarantee a company can survive an attack.

Cyber risks companies face

Organisations operating in today’s digital climate face a number of threats and cyber attack types. Among the most common, though, are the following:

  • Malware — Can be used by threat actors to gain access to a company’s systems or devices, steal data or funds, or wreak havoc for the sake of havoc. 
  • Data breaches — Data loss can make the difference between a functional, profitable company and one that’s teetering on its last legs. Data breaches occur through human error and/or the efforts of threat actors and may involve the use of malicious software or other nefarious tools.
  • Insider threats — Staff members or contractors with access to company files and data may maliciously or accidentally cause a data leak or damage to systems. 

Generating cyber resilience

There are a few steps involved in creating a robust cyber resilience program. Key among these are:

  • Awareness — Understanding that an attack is likely, not rare. Taking steps to build a culture of security and preparedness.
  • Defence — Using all the tools in a company’s arsenal to thwart attacks. Staff training, best online practices, and cybersecurity are an essential part of a defence strategy. Consider downloading a VPN. Firewalls, email scanners, anti-malware, and internet protection should all be used.
  • Response — Knowing what to do in the immediate aftermath of an attack. Reporting the incident to regulatory bodies, informing affected clients, and mitigating the damage to systems and data are all part of a strong attack response.
  • Rebuild — Here’s where the business side of things comes into play. A full roadmap that outlines how to keep an organisation functional and fiscally healthy after an attack is needed, as is an analysis of the attack and how similar events can be prevented in the future. 

[Image – Photo by Christin Hume on Unsplash]
