
From reactive to proactive: The importance of building a culture of cyber resilience

In today’s rapidly evolving threat landscape, the importance of cultivating a culture of cyber resilience cannot be overstated. The convergence of cyber crime with advanced persistent threat (APT) methods has led to an increase in sophisticated and targeted attacks, making it imperative for organisations to adopt a proactive approach to cyber security.

Cornelius Mare
Wed, 22 Mar 2023

Cyber resilience is about building a resilient, secure, and adaptable business prepared for and capable of responding to threats. This involves developing and implementing a robust security posture that anticipates and mitigates threats and prepares organisations to quickly recover from any disruptions that may occur. The goal is to minimise the impact of a security breach and ensure business continuity, protecting the company’s reputation, financial stability, and customer trust.

The four elements of an effective cyber resilience strategy are:

1. Manage and protect: proactively manage and protect sensitive information and assets from potential cyber threats. This involves implementing technical measures, such as anti-malware protection, identity and access management, and multifactor authentication, as well as establishing processes for securing and monitoring access to sensitive information.
2. Identify and detect: reduce the attack surface and conduct a thorough risk assessment to identify and detect cyber threats and vulnerabilities that could impact systems, applications, and data. This includes monitoring for malicious activity and implementing threat detection tools, such as endpoint detection and response (EDR), intrusion detection and prevention systems (IDS/IPS), and security information and event management (SIEM).
3. Respond and recover: assume a breach will occur and have a well-planned and tested response and recovery plan ready for deployment. The core focus of any response and recovery plan is the technical work of understanding the scope of a breach, securing and restoring systems, strengthening IT security, and complying with regulatory requirements.
4. Govern and assure: to ensure the success of a cyber resilience strategy, it’s important to have oversight from senior staff and board members. This includes having a comprehensive risk management program that aligns with the organisation’s overall goals and is validated by the business’s senior leadership. A top-down approach to governance and assurance helps ensure that the organisation is taking a comprehensive and effective approach to protecting itself from cyber threats.

Achieving cyber resilience is a long-term and ongoing process as the threat landscape constantly evolves and new vulnerabilities emerge. Businesses can, however, improve their cyber security posture and work towards achieving cyber resilience by implementing the following strategies:

  • Elevate cyber resilience to a board-level issue: cyber security is an organisational risk, not an IT problem. Boards must take a proactive approach to cyber security and allocate adequate resources to address the threat, ensuring budgets align with the company’s needs to minimise potential harm.
  • Adopt zero trust to control access to sensitive data: zero trust takes an “always verify” approach, treating every user and device as a potential threat and requiring authentication before granting access to enterprise resources. This approach also applies the principle of least privilege, where access permissions are limited to only what is necessary for the user or device to perform its intended role.
  • Create a cyber-aware culture: implement comprehensive and ongoing cyber security awareness programs to educate employees and empower them to identify and respond to threats. This can include regular tabletop exercises, simulated cyber attack scenarios, and organisation-wide security education initiatives.

No business is completely immune to cyber attacks. The growing sophistication and diversity of cyber threats require a collective effort from all levels of the company, not just the IT department. By creating a culture of cyber resilience, everyone from top-level executives to frontline employees is held accountable for practising best cyber security behaviours and following protocols. This proactive and inclusive approach can significantly reduce the risk of cyber attacks and improve the overall security posture of the organisation.

Cornelius Mare is the chief information security officer (CISO) of Fortinet.
