Why companies need cybersecurity and cyber resilience

What cybersecurity provides

Cybersecurity is one of the most widely used terms in IT. Cybersecurity is defined as "the protection of internet-connected systems such as hardware, software and data from cyber threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems."

Cybersecurity standards and frameworks specify how to prepare for and respond to an attack. Damage to an affected organization can be greatly mitigated with a strong cybersecurity program. Prudent investments in cybersecurity software, hardware and perimeter protection systems -- for example, firewalls and intrusion prevention systems -- can turn a potential business-killing attack into an easily handled minor event.

How cyber resilience helps

By contrast, cyber resilience is a recent term. Resilience is the ability of an organization to modify and adapt how it does business to quickly recover and resume operations following a disruptive event. A cyber-resilient organization can better respond to and recover from future cyber attacks. It can also resume normal business operations more quickly and effectively.

How to align cybersecurity and cyber resilience

Cybersecurity and cyber resilience should be used together to protect an organization.

Cybersecurity is needed to achieve resilience. It provides the foundation for a strong cyber-resilience program that incorporates the following:

• cybersecurity systems, including specialized servers and network devices;
• malware detection software;
• threat analysis software;
• perimeter protection systems;
• employees trained in managing cyber attacks;
• senior management support;
• regular awareness and training programs for employees;
• periodic exercises to ensure that cyber attacks can be managed;
• policies optimized for cyber resilience; and
• procedures to specify how to handle cyber attacks from beginning to end.

A key element of a cyber-resilience plan is to define normal business operations. A return to as close to normal as possible is the goal of a cyber-resilience program. The COVID-19 pandemic, for example, forced many businesses to adapt to new working conditions, with employees outside the traditional perimeter. Normal operations have thus changed to a hybrid work model for many. Regardless of what normal looks like, cybersecurity and cyber-resilience plans need to adapt to the new normal.

Cybersecurity vs. cyber resilience or both?

Cybersecurity plans ensure organizations are prepared for cyber attacks and can quickly recover and resume critical affected systems and technologies.

But this may not be enough if business operations are affected by the attack. If mission-critical applications were sabotaged by an attack, for example, it may take time to get replacement systems and their associated data in place. These kinds of consequences can be mitigated via disaster recovery (DR) and business continuity (BC) plans. DR plans can help recover disrupted IT assets using a variety of techniques, such as cloud recovery services, data backup facilities, backup copies of critical systems and a supply of spare components. BC plans should support cyber-resilience plans by activating procedures to recover business operations.

Both cybersecurity and cyber-resilience plans should be deployed, documented, periodically exercised, and regularly reviewed and updated. They can effectively complement BC and DR plans to create a program that keeps the business operating as usual, despite cyber attacks.