Who’s responsible for Cyber Resilience in your organisation?
Before you say the IT department, think again.
Cyber resilience is an organisation-wide approach which combines cyber security with business resilience, enabling an organisation to better prepare for, respond to and recover from cyber-attacks and breaches.
60% of small businesses that experience a cyber-attack go out of business within six months. For those businesses that continue to operate, the consequences of an attack can still be harmful. Reputational damage, stolen assets or data, hefty fines, terminated contracts, and financial losses are just some of the potential effects of a cyber-attack. Ultimately they threaten a business's ability to operate, which is why cyber needs to be championed from the top. Yet cyber is still frequently considered to be an issue for the IT department.
DS Symon Kendall of Tarian Regional Cyber Crime Unit explains that, “this is generally due to the term cyber being associated with a need for technical knowledge. Yet the input from an IT department or service provider is just one aspect of cyber resilience and businesses are putting themselves at risk by reducing cyber to an IT problem.”
“It can help to think of cyber security as the technical element, and cyber resilience as the business continuity element. Both are vital, but the latter does not require innate technical knowledge.”
Unfortunately cyber-attacks and breaches are becoming inevitable; it is not a question of if, but when. And strong cyber resilience can enable a business to continue to operate during and after an attack. Business leaders need to understand the risks posed, and to consult with departments across the organisation – including IT but also (if present) HR, Accounting, Public Relations, and more – in order to develop appropriate policies and plans which are the result of a collaborative effort.
“Not only will this help the business leader to create an informed continuity plan,” continues Symon, “but it will also help to create a holistic approach to cyber resilience with all divisions and levels of the business now thinking about the role they need to play.”
Getting started with cyber resilience can seem daunting, but Tarian Regional Cyber Crime Unit can help. A multi-disciplinary team of Police Officers and Police Staff seconded from the three Welsh forces, the unit is tasked with investigating online criminality whilst also working with businesses and organisations across the region to enable them to better understand the cyber threat, and how they can work to protect themselves. Tarian's services are fully funded and provided at no cost to the service user. The services range from presentations and mock phishing exercises for staff, through to cyber resilience exercising for business leaders, as well as a newly developed tool, Police CyberAlarm.
Police CyberAlarm is a fully funded tool which has been developed by the National Police Chiefs' Council to enable organisations to minimise their cyber vulnerabilities. It monitors the organisation's internet traffic. This means it will detect suspected malicious activity and provide regular reports to the organisation and the police. This enables organisations to minimise and understand their vulnerabilities. It also supports policing at local, regional and national levels to identify trends, react to emerging threats and identify, pursue and prosecute cyber criminals.