What is cyber resilience? What does it even mean?
The coronavirus outbreak got every business executive thinking about the resilience of their operations and their business continuity planning, as we saw challenges coming from every direction: lockdown affecting the routes into offices, temporary closing of office spaces, the virus making staff members sick, schools being closed meaning that staff needed to look after children, clients and suppliers being affected, and investors focusing solely on their existing portfolio and not making new investments.
The disruptions caused to the operations of manufacturing and critical infrastructure have been significant. The resilience of businesses, and critical infrastructure in particular, has only become more important due to the pandemic.
We like to see resilience as essentially being able to deliver a service or fulfil a need, despite an event occurring or, as in the case of the pandemic, a significant change in ecosystem. Cyber resilience is specifically being able to deliver operations in the event of a cyber security related incident occurring.
How can my business achieve cyber resilience? How might I be able to build a cyber resilience strategy?
Cyber resilience differs from, but is obviously strongly related to, cyber security.
Cyber security is essentially the policies, processes, procedures and technologies which are the armour for a person or organisation.
Cyber resilience is more about:
knowing the environment that you’re in,
knowing the risks and threats,
knowing how you might be able to mitigate those risks and/or follow contingency plans
The Cyber Assessment Framework (CAF) addresses the cyber security needs of UK-based Critical National Infrastructure and many other businesses. Principle B5 within the CAF is entirely focused on resilient networks and systems. Principle B5 overarching questions ask you:
Are you prepared to restore the operation of your essential function following adverse impact?
Have you designed the network and information systems supporting your essential function to be resilient to cyber security incidents? Are systems appropriately segregated, and are resource limitations mitigated?
Do you hold accessible, secured and up-to-date backups of data and information needed to recover the operation of your essential function?
This is in addition to other parts of the CAF which prompt the framework adopter to produce resilience policies and processes which manage and mitigate the risk of adverse impact on the essential functions of your organisation.
Our Profile software assists you to work on all aspects of the CAF, but is particularly important when considering cyber resilience.
Our Dot software assists you directly with cyber resilience, as it gives a detailed understanding of the assets and vulnerabilities (and risk) of an operational technology environments - whether this is Industrial Control Systems (ICS), SCADA, Industrial IoT or Smart Buildings.
Output from both systems is actionable intelligence which can be used as part of cyber resilience strategies and business continuity plans.
Awen lets you know what you’re facing and simplifies processes. Let us do the heavy lifting.
Our best wishes to everyone in this current climate.
Keep healthy, keep safe, keep social.