People power is the lost key to cyber resilience
Corporate and personal reputations are hard-won, but they can be ruined in an instant. As countless examples have shown, businesses large and small are being successfully attacked by cyber criminals, often with catastrophic impacts. The fact that so many organisations, of all sizes and in all sectors, have had their most valuable and commercially sensitive information compromised reflects the scale of the problem. It also highlights that no one is safe. All organisations are at risk and none can ever be ‘bullet-proof’. But organisations can manage their cyber risks more effectively by adopting an organisation-wide response, led from the top, that balances business opportunities against risks and takes in the processes, the technologies and, critically, the people that make the organisation tick.
Until this happens they will remain as vulnerable as anyone else. Cyber resilience can be described as the ability of an organisation to prevent, detect, respond to and recover from the impacts of an attack with minimal damage to its reputation, market value or competitive advantage. In a resilient organisation, protecting the business and its most precious information is as much about preparing for an attack, and having the structures and processes in place to deal with one as and when it happens, as it is about trying to stop the attack in the first place.
It’s a well-known fact that the great majority of cyber-attacks succeed because of human error – an unwitting mistake that can be made by anyone, from the boardroom to the frontline. Cyber criminals, like their counterparts in the physical world, are opportunists, and they are adept and persistent at exploiting these ‘unlocked doors’ into an organisation.
Your people should be your most effective defence against the risk of a data breach. Leave them to their own devices (literally) and they may become your greatest vulnerability; spread awareness through engaging, adaptive, regular and enjoyable learning and they will help to protect the organisation from within.
As phishing and social engineering continue to account for the large majority of successful cyber-attacks, influencing and improving human behaviour must sit at the heart of any effective organisation-wide response. Future success depends on all of us recognising our part in the operational health of the organisation and feeling valued in that responsibility. Boards are ultimately responsible for the security of company data, and they need to lead the required collaboration across the organisation. They have to set the right ‘tone from the top’: do they see themselves as responsible and accountable? Do they talk about security in their staff communications? Are they interested in the latest attacks, and do they ask for and discuss regular intelligence on cyber risks and vulnerabilities?
Your information security team might know what constitutes effective resilience, but are all departments, including Risk, HR, Legal, Marketing and Comms, on the same page? This is just as true of growing businesses as it is of global corporates. Large corporates may be the big prize, but SMEs are equally at risk: they often represent an easier ‘route in’ for an attack, providing fertile ground for hacking groups to exploit. The critical thing to remember is that if you are a business and you are connected to the internet, then you are a target and you will be attacked. Criminals can target you from anywhere in the world, and once they have what they came for they can melt away, leaving little or no trace. Becoming the victim of such an intrusive crime can be devastating, and many companies never properly recover.
Without an organisation-wide response that understands your critical cyber risks and vulnerabilities, and without your people becoming champions in protecting what is most critical and valuable to you, it is only a matter of time before you will be expected to respond to a significant data breach. Where would you rather be? AXELOS has developed RESILIA, a portfolio of cyber resilience best practice publications, certified training, all-staff awareness learning and leadership engagement tools designed to put people at the centre of an organisation’s cyber resilience strategy, enabling them to effectively recognise, respond to and recover from cyber-attacks.