How Cyber Security Can Become Cyber Resilience

Written by Chad Robbins

According to the Business Continuity Institute’s Horizon Scan Report 2016, which surveyed 568 organizations in 74 countries, the #1 threat to an organization was a cyber attack, followed closely by a data breach. The strength of business continuity is capturing the critical elements of an organization, while cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Outside of the common practices of cybersecurity and data breaches, executives and senior leadership need additional real-time decision-making support. “How do we minimize the damage?” becomes an all too common question. All organizations must assume they will be a victim. Having proper awareness, planning and training in place is key to a faster and more efficient recovery.

What’s often overlooked is the Cyber Response Plan or Incident Response Plan. Once a cyber incident is declared, the main goals call for both a top-down and a bottom-up approach. Leadership and stakeholders should assume that an incident will undoubtedly occur under their watch. Confidence needs to remain high that the plan can be executed. Key employee resources will work tirelessly to limit the damage and to reduce recovery time and costs. This ties directly into the Enterprise Risk Management program and the key impact categories (Financial, Operational, Reputational, Legal, etc.).

Organizations are relying on Continuity Logic to be that foundation for a holistic approach to resiliency. Capturing key people, processes, technologies, locations, suppliers and other elements gives true insight into risk, compliance and governance. When the cyber incident is detected, Continuity Logic will produce all the interdependencies in real time, allowing leadership to make a more informed decision. The tactical team responding to the incident may understand the steps needed, but others may not be prepared.

With Continuity Logic’s role-based system, cyber experts and leadership will be working from the same template with different views. The cyber team will rely on their training for detection and prevention while leadership will be focused on the brand, stakeholders and crisis communication.

Visualizations become the story with Continuity Logic’s Incident Manager app. A lost or failed asset can be declared, and the database will highlight all interdependencies. As the scope of the incident changes, additional assets can be included for a more realistic view of the enterprise. A cybersecurity expert may want to quarantine an infected virtual machine as soon as it is discovered, with minimal knowledge of the impact on the rest of the business.