Guidelines for businesses to follow to ensure that they are protected
In the digital world we live in, security is of the utmost importance. We need the ability to detect, protect against and, if need be, recover from a cyber threat should one occur. The topic of cyber resilience has escalated to board level as a result of the recent WannaCry ransomware global attack.
ContinuitySA recently held an event focussed on cyber resilience, where Sean Duffy, Executive: Cybersecurity at Dimension Data Middle East and Africa stated, “Organisations should adopt a risk based approach to cybersecurity that is aligned to each organisation’s business objectives.”
The threat posed by cyber attacks needs to be taken seriously and is the responsibility of the entire business, not just the Information Technology department. Duffy went on to say that cybersecurity incidents will happen, and it is up to the organisation to be more proactive and reactive in building cyber resilience.
Duffy insists that in order to achieve a business-driven, risk-aware approach to cybersecurity, organisations have to begin with the business itself: understand the organisation’s objectives and the aligned organisational risk appetite. Only once this is understood can the non-technical and technical security controls be implemented. All controls that are defined need to be measurable and aligned to an industry security framework. Through this approach, organisations will be better placed to meet their operational continuity requirements.
To achieve cyber resilience, the following should be considered:
- Align IT and business to a cyber resilience strategy
- Use a common language to enable alignment
- Ensure board level accountability for cyber risk and drive responsibility to C-level executives
- IT and business must collaborate in establishing the correct balance between the organisation’s risk appetite and the need to be resilient
- IT Security should move from a mindset focused on control, to promoting an integrated, comprehensive cyber strategy powered by people, processes and technology
- Organisations must adopt a culture of preparation, prevention, detection, response and recovery
“To align cybersecurity and business strategies to build overall cyber resilience, but without compromising operational effectiveness, is complex, and needs to be done within the overarching business resilience strategy,” adds Jeremy Capell, GM: Advisory Services at ContinuitySA. “In this context, investing in specialist business resilience consulting makes excellent sense.”
By Jeremy Capell
General Manager Advisory Services