Cyber Resiliency: Key to Business Success
Cyber security spending has increased dramatically in the United States in the last five years, and for good reason. Studies show attacks cost businesses as much as $400 billion per year, with five out of every six large companies attacked in 2014 alone. But hacks can be detrimental to businesses, regardless of size, costing more than money—many do irreparable damage to brand and reputation, as well. Companies worldwide are realizing that preventative security measures are no longer enough. They need to make themselves cyber resilient.
What is cyber resilience? According to a recent report, it’s “the ability to operate the business processes in normal and adverse scenarios without adverse outcomes.” In other words, it’s making sure your systems are strong enough to withstand constant threat without losing the farm. For many of us, it’s a whole new mind-set of “re-architecting” infrastructure to limit the potential damage, right from the ground up.
A focus on cyber resilience is increasingly important not just because of the increase in hacks, but because of the parallel rise of the Internet of Things. Security in the IoT has become quite a tricky business, complicating our ability to keep company and customer data safe. For one thing, as the IoT grows, unauthorized devices will pop up like flies on our business networks, all with varying degrees of security—and threat. Second, as noted by IBM’s own ResilienTV, cyber security in the IoT age is a much more critical issue. It was one thing when hackers could steal your social security number or credit card number. Now they can access your car brakes, home locks, and personal video cameras, as well. As everything becomes a computer, everything demands cyber security. We suddenly have even more than personal data to lose.
As we move even further into a world where everything is interconnected—and accessible—cyber resiliency becomes less of a buzzword and more of a legitimate business survival skill. Below are a few steps to keep in mind as you attempt to make your company more cyber resilient.
Make Cyber Resilience a C-Level Discussion
In 2016, IBM Resilient and the Ponemon Institute did a study on cyber resilient organizations, and what makes them tick. It found that cyber security needs to be a C-Suite priority—not just a focus of the IT team. That means breaking down silos surrounding tech and business goals, and creating a holistic approach to security company-wide.
Stop Being Prepared for Damage—Start Preventing It
Cyber resiliency is less about being able to identify and manage threats, and more about preventing them in the first place. It’s about reimagining how we view security—thinking in terms of the whole system, rather than single pieces of hardware or cloud space. Cyber resiliency can’t be found in a new secure virtualization program. It can only be built through a solid long-term, holistic approach to an organization’s security from the ground up. It means building new products and devices with a “Secure Development LifeCycle,” considering potential threats—and how to beat them—from the design and development phase, rather than as an afterthought. And it means focusing on a fluid program of monitoring, predicting, responding and recovering that allows the business to keep moving, no matter what threats are happening in the digital plane.
Align for the Times
Realize the IoT is not going anywhere but up. Focus on paths to integration, including BYOD programs to support a growing mobile workforce. The Center for Cyber Security claims up to 80 percent of attacks could be prevented by maintaining inventory of authorized and unauthorized devices, software, etc., and actively monitoring and assessing these devices. Rather than policing and punishing, make BYOD a clear and present part of your cyber resiliency plan so you can find ways to keep your entire network—including an expanding network of IoT devices—in check.
Cyber resilience—much like resiliency and agility in other aspects of the digital business landscape—is not an overnight issue. It will take lots of cooperation, discussion, and planning among all relevant parties in your organization. The sooner you start, the safer your company will be in the long run.