The world is changing rapidly and cyber criminals are adapting to it faster than security solutions are being developed. Targeted attacks by skilled and persistent cyber criminals are now a worrying business reality.
Traditional security measures such as firewalls and antivirus software are proving inadequate in the evolving threat landscape. It’s not a matter of ‘if’ but ‘when’ an organisation will suffer a cyber attack.
Organisations should assume they will be breached. Instead of focusing all your efforts on keeping criminals out of your network, it’s better to assume they will eventually break through your defences, and start working on a cyber resilience strategy to reduce the impact.
What is cyber resilience?
To explain cyber resilience, we first need to explain the concept of cyber security.
Cyber security comprises the technologies, processes and controls that are designed to protect individuals and organisations from cyber crime. Effective cyber security reduces the risk of cyber attacks. Cyber security is a subset of information security.
Cyber resilience is a broader approach that encompasses cyber security and business continuity management, and aims to defend against potential cyber attacks and ensure your organisation’s survival following an attack.
An organisation’s resilience to cyber attacks will become a critical survival trait in the future.
The Directive on Security of Network and Information Systems (NIS Directive) is a new EU-wide law coming into effect in 2018 that will require organisations operating in critical sectors to achieve a robust level of cyber resilience.
How to achieve cyber resilience
To achieve cyber resilience, an organisation should take a two-pronged approach:
Identify, protect and detect
The first phase of a cyber resilience programme involves being able to effectively identify, assess and manage the risks associated with an organisation’s network and information systems, including those across the supply chain.
It also requires the protection of information and systems from cyber attacks, system failures and unauthorised access. A robust cyber resilience posture also requires continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause significant damage.
Implement an information security management system (ISMS) and conduct regular penetration testing.
An ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security. It helps you manage all your security practices in one place, consistently and cost-effectively. Combined with regular penetration testing, an ISMS will significantly improve your information security defences and reduce the risk of a cyber attack. An ISMS:
- Secures your information in all its forms;
- Protects the confidentiality, integrity and availability of data;
- Offers organisation-wide protection; and
- Protects against evolving security threats.
ISO 27001 is the international standard that describes best practice for an ISMS, helping to manage, monitor, audit and improve your organisation’s information security.
Respond and recover
The next phase of developing a comprehensive cyber resilience programme is to build capacity around incident response and business continuity management. These response and recovery measures will help you take the necessary steps to minimise the impact of an attack.
The whole point of cyber resilience is to survive an incident and be able to return to business as usual following a cyber attack.
Implement a business continuity management system (BCMS) and a cyber security incident response management programme.
A BCMS is a comprehensive approach to organisational resilience. Business continuity management (BCM) involves managing risks to ensure that mission-critical functions continue to provide an acceptable level of service, even in the event of a major disaster. By incorporating a comprehensive cyber incident response management programme, a complete BCMS will ensure you respond to and recover rapidly from any attack. A BCMS:
- Maintains continuity of business operations;
- Reduces the cost of business interruption;
- Helps the organisation respond to any type of disaster; and
- Ensures a fast recovery after a breach.
ISO 22301 is the international standard that details the requirements for a BCMS and provides the framework for implementing the necessary procedures for effectively responding to and recovering from any type of incident, including a cyber attack.
A cyber-resilient posture also helps you to:
- Reduce financial losses;
- Meet legal and regulatory requirements: new regulations such as the NIS Directive and the General Data Protection Regulation (GDPR) call for improved incident response management and in some cases, business continuity management;
- Improve your culture and internal processes; and
- Protect your brand and reputation.
How we can help you develop cyber resilience
Implement an ISMS
We can help you implement an ISO 27001-compliant ISMS quickly and within budget by drawing on our unique blend of practical information security know-how and technical expertise.
Implement a BCMS
Our experts will save you hours of uncertainty and trial and error, providing your organisation with the core competence and skills you need in order to implement a robust BCMS based on ISO 22301.
Incorporate a robust cyber incident response management programme
Get access to an experienced, dedicated technical team that can carry out sophisticated cyber security incident investigations quickly and effectively. Identify, detect and contain incidents faster, mitigate the impact of an incident and restore services in a trusted manner.
Conduct penetration tests
Implement a regular penetration testing regime to continually measure and improve the security of your systems and networks. Regular penetration testing plays an essential part in any effective cyber security programme.
Get certified and achieve independent assurance
Our unique combination of cyber security know-how and track record in international management system standards means we can help you achieve dual certification to the international standards ISO 27001 and ISO 22301 through a single project.
Speak to an expert
Please contact our team for advice and guidance on our cyber resilience products and services.