https://www.techtarget.com/searchsecurity/tip/Build-a-strong-cyber-resilience-strategy-with-existing-tools
Cyber-resilience describes an organization's ability to respond to and recover from the effects of a cyberattack. A cyber-resilience strategy is a set of activities that, when executed properly, not only helps reduce the likelihood of a cyberattack occurring, but also improves the organization's ability to capture, quarantine, eliminate and recover from an attack should one occur.
Effective cyber-resilience strategies rely on four essential operational activities: business continuity (BC), disaster recovery (DR), incident response and cybersecurity plans.
In practice, however, BC, DR, incident response and cybersecurity plans exist in silos. Successful cyber-resilience depends on CISOs understanding the interrelationships among these parts and how each component complements the functions of the others. By eliminating barriers and establishing collaboration and communication, CISOs can help their organizations achieve a world-class cyber-resilience capability.
The principal benefit of an effective cyber-resilience strategy is it helps organizations prepare for and respond to future cyberattacks. It might not be possible to identify and deal with every attack, but companies armed with a strategy -- as well as the resources and procedures to back it up -- are in a far better position to respond to incidents than firms without such a plan.
Another advantage is that employees, senior management and stakeholders are aware of the risks and potential outcomes of a cyberattack. Periodic training and refresher briefings make employees better prepared to respond to a cyberattack.
To be most effective, CISOs should pair cyber-resilience with business resilience. The former can dramatically affect the latter. Both help organizations adapt quickly when responding to a security incident. But the components underpinning cyber-resilience must first be understood before they can be managed, maintained, improved and integrated with BCDR and incident response activities.
Building a cyber-resilience strategy begins by acknowledging that the organization is at risk of cyberattacks. Next, take the following steps.
Ask senior leaders across the organization to define what cyber-resilience means for them. Their input helps identify the most important business activities to management. This should include business unit leaders who should be aware of the impact of a cyberattack on their organization's activities.
Review standards and regulations addressing cybersecurity, including the following:
These documents can play a key role in formulating an effective cyber-resilience strategy.
Policies governing how the organization deals with cyberattacks and related issues are a key part of an overall strategy. Review existing cybersecurity policies to ensure their requirements are part of the cyber-resilience strategy. If a policy does not exist, consider developing one. It can support the cyber-resilience strategy and serve as a key piece of evidence for future IT cybersecurity audits.
Perform a business impact analysis (BIA) to identify mission-critical business processes. Include the people, plans, technologies and facility resources needed to enable those processes. A BIA also identifies the potential impact to the organization in the wake of a successful cyberattack. If the company already has a BIA, use the results, and determine how a cyberattack might or might not derail key processes.
In addition, use BIA research to determine resilience components -- meaning the priorities that must be returned to normal as soon as possible after a cyberattack. This ensures the organization can adapt to any process changes and bounce back from an incident as quickly as possible.
A risk analysis based on a BIA can identify an organization's most likely internal and external cyberthreats. Threat and vulnerability analyses identify weaknesses, such as an insecure network perimeter, that could increase the risk of a cyberattack. Penetration tests can also identify potential vulnerabilities and single points of failure.
Determine strategies to minimize the likelihood of a cyberattack. These could include deploying specialized antimalware and antiransomware software, updating firewall rules, launching an intrusion prevention system (IPS) and enhancing access controls by adding MFA.
Launch additional strategies, such as training IT staff about the most effective ways to deal with cyberattacks and creating a security awareness training program to educate employees about the dangers of an attack. Also, make sure backup copies of mission-critical assets are available as part of an overall data backup program.
Ensure mission-critical operational activities can be recovered and returned to normal operation as soon as possible. Existing cybersecurity plans can serve as the foundation for the cyber-resilience plan -- which goes beyond responding and recovering -- to enable business functions to return to normal quickly.
CISOs can also draw on their experience of responding to prior cyberattacks to help them prepare for any future attacks. Manage and maintain cybersecurity and DR plans to ensure IT resilience and prevent unauthorized access by cyberthreat actors. Use cybersecurity, DR and incident plans to manage the initial response to a cyberattack. Understand each of these plans complements the other; they should work together rather than at cross purposes.
The goal of a cyber-resilience plan is to ensure critical system and network elements are quickly recovered, tested for proper operation and put back into production. Be sure to do the following:
Verify operational components are documented, stored in secure locations and available electronically for maximum speed of access. Confirm that employees have access to documents explaining how to run mission-critical systems in case primary operators are not available.
Put together training programs for both existing and new employees to ensure staff can respond in the event of a cyberattack. To maintain awareness, send periodic reminders about the importance of cybersecurity.
Regularly assess the organization's cyber-resilience, and test and update plans to ensure cyber-resilience procedures are properly governing mission-critical company assets and business operations. Update plans and procedures based on changes in business operations and the results of exercises. Patch applications and systems when new updates or versions are available. Regularly brief senior management on the state of the organization's cyber-resilience.
Once the cyber-resilience strategy is operational, establish a schedule for program reviews, updates, tests and audits. This ensures the program remains alive and constantly improving. Cyber-resilience, like BCDR and incident response activities, should become part of the company's culture.
Despite the best of intentions, companies still face challenges that might hamper the development of a cohesive cyber-resilience strategy. Among the top challenges are the following:
Many different products and services address cyber-resilience. The same is true of resources for BCDR planning, incident response planning and cybersecurity management. Identify these sources, and determine how to use them within the company's overall strategy. Don't forget to assess standards and regulations and how cost-effective they might be in formulating the strategy.
Commercial and open source software products can help structure BCDR, incident response and cybersecurity plans, as well as tools that specifically respond to cyberattacks. Although not every piece of software can help develop a cyber-resilience strategy, it's worthwhile to consider them. AI products are another resource.
Another option is to tap the expertise of cloud service providers and MSPs, both of which offer a variety of as-a-service resources ranging from data backup and recovery to BCDR plan development, as well as BCDR, incident response and cybersecurity services that respond to disruptive events.
Experienced third-party consultancy firms might also help craft a cohesive cyber-resilience strategy. They can also facilitate documentation, testing, training and support plan audits.
The following are categories of tools that can support cyber-resilience:
Antivirus, data encryption, firewalls, managed detection and response, network security monitoring, pen testing and web vulnerability scanning are other tools and processes to consider integrating into a cyber-resilience plan.
A viable cyber-resilience strategy depends on the smooth collaboration of multiple preventive, detective and responsive plans, as well as associated program activities. A balanced program of components -- among them BCDR plans, incident response plans, periodic BIA risk analysis initiatives and senior management support -- help keep your organization's cyber-resilience up to date, documented and tested.
Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.
13 Jun 2025