A small
The fragility and interconnectedness of the digital world have become deeply concerning. Organizations are investing more and more of their precious assets into a smaller number of baskets, many of which have shadow ownership without direct control. And when those baskets unweave, the damage is far-reaching and irreversible.
Business leaders and boardrooms are looking for answers — "Can this happen again?" "Can we predict or prevent it?" "How can we prepare?" And while there isn't a single solution, government, or entity that can help mend this problem, there are some important factors to consider when trying to mitigate and counterbalance these risks.
- Resilience
· Developing a situational awareness of one's own business environment and attack surfaces.
· Identifying and prioritizing critical assets.
· Mapping out attack vectors, controls and processes.
· Identifying security gaps and addressing them.
· Stress-testing the environment repeatedly, and
· Gradually improving incident response and disaster recovery capabilities.
Resilience cannot be built haphazardly. One must adopt a standardized framework (such as the
- Governance
Governance is the guiding force behind risk management. It ensures that cybersecurity objectives align with business goals, it helps arrange and direct cybersecurity resources, and it establishes policies, procedures, protocols and accountability mechanisms. However, a basic level of governance simply does not cut it anymore. Organizations need to develop a more engaged form of governance where business leaders can go beyond a chaotic, reactive, knee-jerk response to a more streamlined and proactive effort where cybersecurity concerns are actively acted upon and included in the planning, project management and production processes.
- Supply chain integrity
Businesses are increasingly reliant on modern supply chains but do not have the
- People
A lot of security incidents can be
- Practice
Despite our best efforts, a crisis or disruption can happen to anyone, at any given time. Organizations must be prepared for the worst. The key to crisis management is effective and timely incident response. The key to effective and timely incident response is a well-rehearsed incident response playbook. Ideally, you want security intuition to kick in, which can only be nurtured when employees practice and endure real-world crisis scenarios repeatedly. They should know whom to contact in the event of an incident (insurer, third parties, service provider), who is in charge of what (PR, legal, finance) and the steps needed to maintain business operations, recover swiftly, and minimize damage to the organization.
Businesses and consumers alike are increasingly reliant on interconnected technology. Despite real concerns of widespread technological disruption, the truth is that there is no turning back from this position. Cultivating business resilience should not be left to wishful thinking but treated as a core strategic objective.