Cyber resilience is far and away priority No. 1 for most IT and business leaders in 2022, according to TechTarget’s proprietary “IT Priorities” survey of more than 3,500 global technology and line-of-business buyers.
Over half of decision-makers surveyed said security and risk management are more important to their organization’s future than they were before the pandemic. In fact, they said security is two times more important to them than any other technology in terms of pandemic response.
Given the high priority of cyber resilience, it is imperative that leaders are confident in their ability to prevent business disruption. This means proactively preventing attacks; defending against and responding to attacks quickly and comprehensively; and recovering without incurring damage, suffering crippling downtime or having to pay a ransom.
Unfortunately, there is a gap between how business leaders perceive their posture on resilience and how technology leaders see it. Per the World Economic Forum (WEF), 92% of business executives believe that cyber resilience is integrated into their enterprise risk management strategies, yet only 55% of security-focused executives agreed with that statement. As noted by the WEF, “Cybersecurity is still an afterthought in too many organizations.”1
How do you close the gap between perception and reality? How do you ensure cybersecurity is not an afterthought? How do you make cyber resilience an essential, intrinsic capability of your organization so users and other stakeholders have confidence that everything possible is being done to minimize risk of business disruption?
Steps to Building Confidence
Building confidence starts with defining what cyber resilience means for your organization. In broad terms, resilience is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.
Cyber resilience is a business strategy that incorporates people, process and technology into a holistic framework that protects your entire business, organization or entity. It incorporates prevention, defense and recovery. Building confidence requires that you:
Establish your risk profile: What are the crown jewels that need to be protected? What applications can never go down? What are the acceptable recovery time objectives and recovery point objectives for each application? Business leaders have to be involved from the outset in building the risk profile, and IT and security teams have to define their investments in people, technology and partners based on that profile.
Adopt an intrinsic security model: Security should be the first step in building your infrastructure, whether at the edge, in the cloud or in on-premises environments. Intrinsic security should factor in users, IDs, devices, assets and data in real time across any cloud or app so you can identify risk and prevent threats. With an intrinsic security model, you can be proactive instead of reactive in managing risk.
Consider the human element: As noted, cyber resilience incorporates people, process and technology. The human element is critical, particularly at a time when more people are working remotely or from home and more organizations are feeling the impact of a shortage of qualified cybersecurity personnel. The human element includes communicating the risk profile; providing constant, ongoing training in basic cybersecurity hygiene; and leveraging automation, artificial intelligence, machine learning, threat intelligence and other innovations in your intrinsic security model to alleviate the pressure on security analysts and security operations center teams.
Don’t ignore the importance of secure data backup and recovery: Protecting your critical data and recovering it with assured integrity is key to resuming normal business activities following a cyberattack. With ransomware on the rise, a cyber recovery vault is becoming an essential cyber resilience tool to enable organizations to quickly identify a clean copy of data, recover critical systems and get the business back up and running.
Conduct a third-party cyber risk assessment: Establishing your risk profile is essential. But how does your current posture on cybersecurity and resilience measure up to the risk goals established by your business and technology leaders? A cyber risk assessment conducted by a reputable third party can help you understand where you are and then build a plan to get to where you need to go in terms of prevention, defense and recovery.
Taking the Next Step
Building confidence in cyber resilience is a function of having the right technology partners to help you on every step of the journey, including building your risk profile; deploying modern, end-to-end intrinsic cybersecurity frameworks; leveraging advanced technology from edge to cloud to on premises; and providing global support, services, expertise and solutions.
When it comes to providing a holistic framework that protects your entire organization, Dell Technologies offers an end-to-end approach that enables customers to have confidence that cyber resilience is priority No. 1 for their organization and teams. For more information, please visit Dell Technologies and review the articles and resources on this site.
1 “What You Need to Know About Cybersecurity in 2022,” World Economic Forum, Jan. 18, 2022