Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead
Technology, for its immense evolution, has now become a significant driver of the economy — both digital and global. Along with developments and innovations such as cloud-based computing and Internet-connected mobile devices, however, cybercrime lurks in the shadows. In light of this, being truly cyber secure became more of a utopian ideal than a real possibility. Since cyber attacks can’t be avoided, organizations need to become cyber-resilient instead. In short: They need to be able to bounce back after suffering from the consequences of a cyber attack…
Effective cyber resilience means thinking beyond the IT department
Ask a group of Australian business executives who should be in charge of their organisation’s cyber resilience plan and the majority are likely to point to their IT department. They think resilience is all about keeping the servers humming and data flowing through networks. Yet, while the IT infrastructure is certainly a critical component of any business, a cyber resilience plan needs to extend much further. To be effective, it needs to cover all parts of an organisation and involve everyone from the CEO to the reception desk. This is because potential disruptions are not limited to IT-related incidents. They could arrive in the form of extreme weather, a supply chain failure or electricity outages.
You only have to look at events such as storms in South Australia or cyclones and floods in Queensland to see the potential for business disruption and loss. For this reason, it’s worth investing time and resources now to put in place a comprehensive and effective business resilience plan that will ensure operations can continue should an incident of any type occur…
The Human Factor In Organisational Cyber Resilience
The academic and industry literature is full of extremely useful research, insights and advice on how people interface with security technology and how that interaction can be enhanced to reduce the chance of a malicious attack. However, the role of the human in enhancing the overall resilience of an organisation operating within an environment where the cyber risks of any type are high is discussed much less.
Clearly, stopping the risk at source with technological measures such as security to prevent anything malicious penetrating the organisations IT systems and fool-proof systems that work first time every time is the ideal. But no security is 100 percent effective, threats frequently emanate from within an organisation and, whilst malicious attacks dominate the news, other, more mundane, IT issues such as hardware failures, network outages and user error are far more common and often cause a similar disruptive impact on an organisation….