What is cyber resilience?
Cyber resilience is the ability to prepare for, respond to, and recover from cyber attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.
Cyber resilience has emerged over the past few years because traditional cybersecurity measures are no longer enough.
It is now commonly accepted that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a cyber attack.
This means that instead of focusing your efforts on keeping criminals out of your network, it’s better to assume they will eventually break through your defences and to start working on a strategy to reduce the impact.
The four elements of cyber resilience
The IT Governance Cyber Resilience Framework recommends a four-part approach to cyber resilience:
The first element of a cyber resilience program involves being able to identify, assess, and manage the risks associated with network and information systems, including those across the supply chain.
It also requires the protection of information and systems from cyber attacks, system failures, and unauthorized access.
This stage should cover:
- Malware protection
- Information and security policies
- Formal information security management program
- Identity and access control
- Security teams are competent and receive regular training
- Security staff awareness training
- Physical and environmental security
- Patch management
- Network and communications security
- Systems security
- Asset management
- Supply chain risk management
The benefits of cyber resilience
A cyber-resilient posture helps you to: