Cyber risk isn’t something new, but the stakes keep on growing every day. Industry analysts believe that an incident is no longer likely to be a single event, but a sustained and persistent campaign against enterprises or governments.
Faster and cheaper digital technologies are delivering social and economic benefits to people the world over. We also know that the process of digitizing and connecting is not going to slow down anytime soon. This process is introducing a whole new category of risks from a variety of known and unknown sources.
But security can never be foolproof and cyber vandals are always looking for new ways to penetrate our digital lives. In order to increase the benefits and minimize the harms in this digital landscape, business leaders and governments should consider cyber resilience as a strategic goal.
Many companies believe that resilience is some sort of checklist, which is not the case. Resilience is defined by a series of evaluations, not checklists. To ascertain the threat landscape, it is imperative that the evaluation is based on the current threat environment and the acceptable risk level for the organization.
According to Shrikant Shitole, Managing Director, Symantec India, “We have arrived at the conclusion that there is no silver bullet, no one-size-fits-all solution when it comes to cyber risks, and in most cases, no single approach has the potential to offer protection from an attack. Businesses need to identify their most important business assets and how current security measures relate to them. It’s a paradigm shift that uses security intelligence to guide decisions and support agility.”
Resilience rather than security
Security is always binary: either something is secure or it isn’t. It is often relegated to a single, limited technical function: keeping unauthorized users out of a networked system.
When it comes to networked technologies, a vulnerability in one node can easily disturb the security and resilience of the entire network. That’s why partnerships between businesses, as well as with regulators, prosecutors and policy-makers, are key to maintaining a cyber resilience strategy.
“Cyber resilience is all about managing security with a multi-layered approach that encompasses people, processes, and technology. Correlating security intelligence is important, but companies should also educate their employees so they can make better decisions and reduce risky behavior. This approach helps to eliminate the cyber gap between IT and business, requiring the two sides to proactively align and present a united front against threat and incursion,” said Tarun Kaura, Director – Technology Sales at Symantec India.
Last but not least, IT must move from a policing mindset to one that promotes an integrated, comprehensive cyber strategy powered by people, processes, and technology.
“Nowadays, every form of business is getting digitized and the enterprise industry is capitalizing on the whole concept of digitization by bringing up new platforms and technologies, which in turn churns out new threats and vulnerabilities, which hackers exploit,” added Tarun.
If organizations truly want to gain cyber resilience and the ability to respond to and recover quickly from an attack, they need to change the digital information culture by supporting and nurturing a strategy that encompasses preparation, prevention, detection, response, and recovery.