The cyber resilient organization part I: Building cyber resiliency
Cyber resiliency is becoming a top priority as organizations take advantage of the latest digital technologies, broaden their global customer base and mine the world’s newest natural resource — data.
Cloud computing, artificial intelligence, the Internet of Things, blockchain and the proliferation of social media have taken human connection and data accessibility to unprecedented heights. Their power and influence on business make our efforts to protect them from harm that much more significant. So, how can organizations begin to establish and prioritize cyber resiliency and use its core purpose to promote long-term business growth?
In an article for Harvard Business Review, Diane Coutu defines resilience as “the skill and the capacity to be robust under conditions of enormous stress and change.”1 While stressful conditions are hard to avoid in any line of work, an organization’s capacity to withstand IT threats and move forward to pursue its business objectives can always be improved.
Build a resilient organization
In her article, “How Resilience Works,” Coutu explains that all resilient organizations share three fundamental characteristics:
- Facing down reality
- The propensity to make meaning of terrible times
- Ritualized ingenuity
The first step to becoming a cyber resilient organization is accepting that cyberthreats to your organization are real. It’s no longer a matter of if, but when, and many companies may already be unknowingly compromised. This is especially important in the era of advanced persistent threats, in which cybercriminals hide inside an organization’s IT environment over a long period of time.
Organizations must also equip themselves with the right tools, as well as experts who can locate vulnerabilities and find solutions before a cyberattack or other IT failure occurs. Businesses also need leadership that is committed to empowering employees by implementing long-term strategies that stop repeated incidents. Organizations should also make use of AI and cognitive technologies, as well as predictive analytics for pattern recognition, to detect and thwart potential threats.
Finally, in the midst of these evolving cyberattacks, the most successful cyber resilient organizations will outpace their competition by being inventive, original and aggressive. They won’t compromise security for growth; clients will feed off of that level of accountability.
In my mind, cyber resilience should be viewed as the skill and the ability to foresee, analyze, defend, recover and learn to improvise from stressful conditions or events that impact critical, cyber-enabled resources. I’m confident that with the right set of values, committed leadership and a collective commitment to security, every organization is capable of becoming cyber resilient.