ARInnovate is a specialised consulting firm providing organisations with bespoke software development and cyber security services.

CONTACTS
sale 313629 article image - AR Innovations

It is a reality that cyber attacks on organisations lead to business disruptions and in many instances the business disruption is so catastrophic that the organisation fails to recover from the cyber attack.
Organisations are slowly realizing that preventing a cyber attack is inevitable. All organisations will eventually face cyber-attacks. How the organisation overcomes the cyber attack depends on how cyber resilient the organisation is.
Through effective cyber resilient processes, organisations can convert the cyber security crisis into an opportunity.
In this writeup, we explain the key differences between cyber security and cyber resilience and high level actions organisations can undertake to achieve cyber resilience.

FactorsCyber SecurityCyber Resilience
DefinitionCyber security refers to the processes, procedures and techniques that is used to protect the organisation data and infrastructure.Cyber resilience refers to the ability of the organisation to respond and recover from a cyber-attack.
Operating ModelIn most organisations, cyber security is a standalone program run by the IT department.Cyber resilience is a part of enterprise resilience across all functional and operational areas of an organisation
GoalCyber security reduces the chances of getting a cyber attackCyber resilience reduces the impact of the cyber-attack and enables continuity of business operations
Organisation specificCyber security controls are usually common and consistent regardless of the type of organisation. E.g., Malware protection, Remote access protection, etc.Cyber resilience frameworks usually differ for every organisation, based on the industry it operates in and the services it provides to its clients.
Major controlsControls are generally technical in nature:
• Malware protection
• Asset and access management
• Cryptography
• Physical Security
• Secure systems and software development
• Security testing of systems and applications
• Awareness training
• Third party risk management
• Vulnerability protection and patch management
Controls are generally business focused:
• Backup and recovery
• Incident response and management
• Business continuity management
• Crisis Communications
• Regulatory & Compliance
PersonnelSkilled personnel are required for each major technical control to implement and safeguard the organisation.   Occasionally, business personnel are required for cyber securitySkilled personnel are required across business units to manage incidents, assess business impacts, develop response strategies and manage communications.   All business unit personnel are key stakeholders in the case of cyber resilience
Elements required to be effectiveWell-defined cyber processes, skills and technologies for all of the above controlsProactive risk management, effective detection mechanisms, response and recovery frameworks.
Key Metrics• How many high risks in place at the moment?
• How many critical and high rated vulnerabilities are open?
• How many cyber-attacks successfully prevented from impacting the organisation?
• How many servers, laptops and systems that does not have malware protection?
• How often the critical data is backed up?  How many backup and restore tests are conducted each year?
• How many simulation incidents have been tested?
• How effective is our Crisis Communications strategy? 
• When was it last tested?How quickly did the organisation recover from the last cyber-attack?
• What are the potential business impacts of a cyber-attack?  

How to plan for cyber resilience?

For an organisation to become cyber resilient, it must have cyber security policies and procedures to manage cyber risks, defend against cyber threats and ensure business continuity. Below are the recommended step-by-step procedures to plan cyber resilience for an organisation.

  1. Identity critical resources for business continuity
  • Brainstorm with all the business units in the organisation to identify mission-critical functions, processes, systems, applications and other supporting resources.
  • Assign priorities to the identified resources
  • Conduct Business Impact Analysis (BIA) for the identified resources
  • Analyse the impact on each resource and categorise them.

2. Conduct risk assessments

  • Identify the risk likelihood for all the resources
  • Assign risk ratings according to the enterprise risk management framework
  • Analyse the risk profile and risk appetite of the organisation based on current cyber-attack trends

3. Implement cyber security controls

  • Based on the impact and likelihood, research and identity cyber security controls to reduce the risk rating
  • Develop a cyber security roadmap and implement the controls with planned timeline

4. Develop incident response and Business Continuity Planning (BCP)/IT Disaster Recovery (DR) frameworks

  • Brainstorm and develop incident response framework to successfully respond to cyber-attacks.  Incident response framework must include,
    • Roles and responsibilities
    • Incident response phases
    • Incident categorisation
    • Impact calculation
    • Communication plan
    • Reporting procedures
    • Timelines
  • Develop BCP/DR framework in consultation with business unit staff
  • Create incident response playbooks for quick response in case of a cyber incident
  • Create business continuity plans/playbooks to cater for potential business disruptions resulting from cyber-incidents

5. Train the personnel

  • Regularly train the organisation staff on the frameworks, policies and procedures
  • Improve their cyber security skills through quizzes and assessments

6. Test the frameworks and update regularly

  • Simulate the attacks, incidents, etc and test the ability of the incident response and business continuity processes, procedures, plans and personnel
  • Improve the plans based on the results of tests.

Author

Arvinth

Leave a comment

Your email address will not be published. Required fields are marked *