What key things should organisations be doing in terms of cyber defences to ensure they are resilient?
Most organisations operate on the assumption that they will be targeted and breached, suffering a cyber outage as a result of an adversarial, accidental or environmental threat. However, there are ways in which all organisations can prepare for the inevitable and get back on their feet as quickly as possible.
Cyber resilience is the organisation’s capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats. Some critical, high-impact risks cannot be anticipated and mitigated in a traditional manner. An organisation’s inability to eliminate the unknown unknowns underpins the need for cyber resilience.
Like so many security-related tasks to support the organisation with its day-to-day activities and realising objectives, resilience starts with tone from the top. The information security strategy describes how information security activity will help establish resilience against high-impact incidents (such as serious cyber attacks) and ensure the continuity of business operations.