Six steps to achieving cyber resilience through better cyber security
Security should be the enabler of the digital world. The ability to detect, protect, remediate and recover from a cyber threat is critical. Cyber resilience has become an elevated topic of discussion at board level. This has received further attention as a result of the recent WannaCry ransomware global attack.
Speaking at an event focusing on cyber resilience, hosted by ContinuitySA, Sean Duffy, Executive: Cybersecurity at Dimension Data Middle East and Africa, stated: "Organisations should adopt a risk-based approach to cyber security that is aligned to each organisation's business objectives."
Cyber security risks should be elevated and managed in line with an organisation's enterprise risk programme. Cyber risk is a business responsibility and not only that of the IT department.
Furthermore, Duffy stated: "Cyber security incidents will happen and organisations need to improve the security posture from a reactive to a predictive state, thus building cyber resilience."
Duffy contends that in order to achieve a business-driven, risk-aware approach to cyber security, organisations have to begin with the business itself: understand the organisation's objectives and the aligned organisational risk appetite.
Only once this is understood can the non-technical and technical security controls be implemented. All controls that are defined need to be measurable and aligned to an industry security framework. Through this approach, organisations will be better suited to meet their operational continuity requirements.
To achieve cyber resilience, the following should be considered:
* Align IT and business to a cyber resilience strategy;
* Use a common language to enable alignment;
* Ensure board-level accountability for cyber risk and drive responsibility to C-level executives;
* IT and business must collaborate in establishing the correct balance between the organisation's risk appetite and its need to be resilient;
* IT security should move from a mind-set focused on control to promoting an integrated, comprehensive cyber strategy powered by people, processes and technology; and
* Organisations need to adopt a culture of preparation, prevention, detection, response and recovery.
"To align cyber security and business strategies to build overall cyber resilience, but without compromising operational effectiveness, is complex, and needs to be done within the overarching business resilience strategy," adds Jeremy Capell, GM: Advisory Services at ContinuitySA. "In this context, investing in specialist business resilience consulting makes excellent sense."
ContinuitySA is Africa's leading provider of business continuity management and related services. The company boasts some of the continent's most highly skilled and qualified business continuity and disaster management experts who help companies, organisations and government departments of all sizes prepare for and deal with all eventualities. These include potential threats, events, incidents and unforeseen or sudden disruptions due to human error or natural events.
ContinuitySA also provides a variety of hosting solutions, ranging from co-located to fully managed virtualised environments, with its primary focus being to ensure that its clients are able to address the resilience and recoverability of their IT services. These hosting services are complemented by managed backup and recovery services, virtual server replication and high availability solutions to satisfy any level of continuity requirement.
ContinuitySA operates the largest recovery facilities in southern Africa. It has a number of recovery centres in southern Africa with over 20 000 square metres of recovery facilities in Midrand, Gauteng. Smaller sites have been located in Cape Town, Gaborone, Botswana and Mozambique, and a joint venture has been established in Mauritius.
ContinuitySA. Our business is keeping you in business. Additional information about ContinuitySA can be found at www.continuitysa.com.