Downtime has always been a serious threat to business. In a study conducted by IBM, 48.5% of respondents said that one hour of outage would have a “severe business impact” – a figure which now seems surprisingly low.

Cyber resilience – building systems and processes to maintain confidentiality, integrity and availability of data – is therefore a key strategy in improving overall business resilience. And there are ways you can begin increasing resilience today.

Insource

Often, cyber resilience issues are caused by a lack of skills, experience and direction in-house. Just 54% of businesses profiled in the PricewaterhouseCoopers Global State of Information Security Survey employ a Chief Information Security Officer (CISO), for instance.

These shortfalls are not simply strategic, however. 46% of IT professionals believe there is a cybersecurity skills shortage in their organisations.

True cyber resilience is a combination of people, processes and technology, so hiring technical experts to strengthen your IT department will be crucial. Alternatively, consider partnering with a suitably experienced cyber resilience provider who can supply you with technical consultants in the short term.

Outsource

The cybersecurity skills shortage looks set to continue throughout 2018, leaving many businesses unable to employ the people they need. Instead of trying to resolve every issue in-house, CISOs and CTOs should investigate opportunities to outsource processes and systems.

Shifting infrastructure and applications to the Cloud offers increased cyber resilience as standard. The distributed, load-balanced nature of Cloud data centres dramatically reduces the impact on your operations in the unlikely event one goes offline.

Similarly, integrity of systems should also be upheld because data and resources are available in more than one place, preventing the creation of a single point-of-failure.

Outsourcing is not simply a technical exercise, however. The CISO will need to partner with a provider who understands and upholds GDPR and PCI DSS obligations regarding confidentiality. Partners will need to clearly demonstrate their understanding, and be prepared to offer safeguards and guarantees that the data and systems being protected will be handled in line with your organisation’s commitments.

Resource

Importantly, the people already employed by your business also have a part to play in cyber resilience. All too often cyber attacks and information leaks are caused by human error – clicking malicious links, disclosing passwords or simply mislaying physical copies of data, for instance.

While PCI DSS assigns responsibilities to individuals handling specific customer payment details, the General Data Protection Regulation expects all employees to play their part in keeping customer information safe. You must equip all of your employees with basic data protection knowledge and skills if you are to improve cyber resilience.

The benefits of a well-trained workforce are readily apparent too. Not only will you encounter fewer confidentiality breaches, but general productivity should also increase, and you should see fewer mistakes in your data, boosting integrity.

Look in, look out, look in again

There are many ways to strengthen cyber resilience, and there is nothing to stop your business making improvements today. Hiring and outsourcing undoubtedly take time, but training and consultancy can begin immediately, making your organisation better placed to meet the challenges of the data-driven marketplace.

To learn more about training, consultancy and outsourcing that can help your business thrive, please get in touch.

 

Written by Marco Borza

I am the Founder of Advantio.
Technology has been my passion since I was a kid; when I first heard the handshake of an old 300bps modem I realised security would be key in an interconnected world. Since then it has become my passion and primary focus.
The reason why I've started my own business is to make IT Security simple.

Certifications: CISSP / CCSA (Checkpoint) / ITIL Foundations / ACSA (ArcSight) / Linux+ / PCI-QSA / PA-QSA