The cyber resilient organization part II: Cyber resilience vs. cybersecurity
I often hear the question, “How is cyber resilience different from cybersecurity?” Both aim to keep your business operational in the face of disruptive cyber attacks, but from there the differences between resilience and security are fundamental.
Protect and defend
Cybersecurity relates to keeping attackers out and protecting your data from being stolen. The principles of cybersecurity primarily focus on:
- Creating multi-layer, in-depth defenses within IT infrastructure
- Limiting access to IT systems to relevant parties
- Identifying and isolating threat areas
- Processes and measures for continuous protection of systems, networks and data
Respond and recover
Cyber resilience, on the other hand, helps get business operations back on track in the event of disruption and become more capable of withstanding future disruption. The principles of cyber resilience look at enterprise-wide risk factors to:
- Simplify design and implementation
- Continuously review critical assets, attack surfaces and evolving technical and nontechnical risks
- Identify critical process and functional impacts, and implement redundancy and defense measures at each step
- Focus on both the technology and human aspects of end-to-end business continuity
- Implement enterprise-level risk management and IT governance
Business as usual
While cyber resilience and cybersecurity are related, the ultimate goal of cyber resilience is to keep your business up and running in an environment where advanced, persistent threats are continuously maturing and evolving.
This differentiation requires a fundamental change in mind-set — not choosing one over the other, but implementing both cyber resilience and cybersecurity practices. To adopt an effective, risk-based approach, organizations have to look beyond firewalls, IP/IDS, security operations centers or anti-virus control and ask deeper, enterprise-wide questions, such as:
- Does our organization have senior management approval and a defined, long-term budget to address cyber resilience requirements at every level?
- Do we have an enterprise risk management program in place, in conjunction with IT security and disaster recovery colleagues? Are the right resources defined to implement and manage that program?
- Have we identified all of our critical resources and the business impact of their potential downtime? Are we conducting regular risk reviews, tests of failure scenarios and contingency plans?
- Is our disaster recovery and backup plan fail-safe? Do these plans comply with recovery time objectives, recovery point objectives, service-level agreements and other regulatory requirements?
Cyber resilience is designed for the always-on era. When organizations consider every possibility and test for any contingency, they are doing a great service for their clients, partners and for their business. Effective cyber resilience practices encourage new innovation, empower employees to do their jobs with confidence and elevate an organization’s standing among both clients and competitors.
Get the Ponemon Institute’s annual benchmark report to learn more about the impact business continuity management (BCM) can have on mitigating the consequences of a data breach, and reach out to an IBM expert to see what BCM can do for your business.