October is National Cyber Security Awareness Month. This week’s theme is “Resilience in Critical Systems,” so we’ll be looking at the critical steps organizations can take to prepare for the worst and recover faster when data breaches occur.
Data breaches and loss incidents are a dime a dozen these days. Every week, another major company is hit. The results? Lost trust, angry customers, damaged reputations, stolen corporate secrets – any and all of these can be the consequences of a data breach. And that doesn’t even touch any of the penalties, fines, increased insurance or other financial issues that can occur in the aftermath.
We used to tell our clients “It’s not if, it’s when.” Now we tell them, “It’s not when will this happen, it’s when are you going to find out?” And not just when – but how will you find out?
The truth is your company can do everything right and still be attacked by a sophisticated, determined hacker, criminal or other bad actor (including malicious insiders). That’s why it is so important that companies protect against a data breach by building out their business continuity capabilities and instilling resilience into critical systems.
What Does It Mean to Have Critical System Resilience in the Age of the Hack?
Cyber security system resiliency means having robust alarm processes in place – and people who have been trained to take effective action when they go off.
Effective resiliency requires two things:
- Purposeful preparation
- Rapid response
Here is how to ensure your company is responsibly protected in line with its cyber risk profile.
Purposeful Preparation: Anticipate Hackers and Strengthen Defenses
Investments in cyber security crisis management should not be afterthoughts.
Companies must focus on IT systems, especially their infrastructure, to ensure they are ready for inevitable attacks.
It’s imperative that business leaders take a proactive approach to developing strong defenses, as we explain in detail here.
Rapid Response: Speed Is the Key
As we’ve said before, don’t wonder if hackers are coming – expect that they are already there.
A proactive approach that includes strong business continuity can minimize the reputational and financial damage of a hacking incident at your company. According to a recent study, companies with robust business continuity management processes discovered and contained data breaches faster. Faster identification enables faster response, lessening the impact.
Building risk awareness and intelligence into your organizational culture and strong risk management capabilities into daily operations is crucial for true resilience. Bolting them on or siloing them as the job of “the risk guys” creates holes in security cultures – which ultimately creates vulnerabilities in your security.
Bottom Line: Resilience Starts with Readiness, Backed Up with Response
As we said before, do not let “IF we get hacked” enter conversations about system resiliency. Your company will be a target. So it is imperative that you prepare not only your employees, but your infrastructure as well. Such readiness occurs only with a robust commitment to enterprise risk management overall and a strong focus on the resilience of critical systems.
Is there security in obscurity? When it comes to cyber security in today’s digital world, the answer is no. Every company with any kind of valuable data should expect to be a target. But those companies that are ready for the attack and know how to respond quickly and effectively will recover faster when data breaches occur.
About the Author: Lou DiSerafino
Lou is an executive with Infinitive Insight, the enterprise risk management practice at Infinitive. He has 30+ years of experience in enterprise risk management, specializing in strategic risk management, crisis management and business continuity management for Infinitive Insight.