Security Think Tank: Resilience means preparing for unpreventable cyber threats

What key things should organisations be doing in terms of cyber defences to ensure they are resilient?

Most organisations operate on the assumption that they will be targeted and breached, suffering a cyber outage as a result of an adversarial, accidental or environmental threat. However, there are ways in which all organisations can prepare for the inevitable and get back on their feet as quickly as possible.

Cyber resilience is the organisation’s capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats. Some critical, high-impact risks cannot be anticipated and mitigated in a traditional manner. An organisation’s inability to eliminate the unknown unknowns underpins the need for cyber resilience.

Like so many security-related tasks that support the organisation in its day-to-day activities and in realising its objectives, resilience starts with the tone from the top. The information security strategy describes how information security activity will help establish resilience against high-impact incidents (such as serious cyber attacks) and ensure the continuity of business operations.

In support of the strategy, organisations should consider establishing a comprehensive and approved information security incident management framework, which includes policy, access to cyber incident investigators and forensics experts, threat-related information and technical investigation tools.

In practice, cyber resilience activities within the framework include scanning for technical vulnerabilities, maintaining up-to-date patch levels, performing continuous security event monitoring, acting on threat intelligence and protecting information against targeted cyber attack.

Good practice in IT and information security includes ensuring that backup and restore facilities are fully operational and regularly tested, and there is the ability to increase capacity, or shut down, isolate or load balance systems in case of an attack.

Cyber resilience activities should be supported by a process and team for the identification, response, recovery and post-implementation review of information security incidents. This same team should also regularly rehearse recovery plans.

Cyber resilience requires recognition that organisations must prepare now to deal with severe impacts from cyber threats that cannot be predicted or prevented.

This was last published in August 2017
