Downtime has always been a serious threat to business. In a study conducted by IBM, 48.5% of respondents said that one hour of outage would have a “severe business impact” – a figure which now seems surprisingly low.
Cyber resilience – building systems and processes to maintain confidentiality, integrity and availability of data – is therefore a key strategy in improving overall business resilience. And there are ways you can begin increasing resilience today.
Often, cyber resilience issues are caused by a lack of skills, experience and direction in house. Just 54% of businesses profiled in the PriceWaterhouse Cooper Global State of Information Security Survey employ a Chief Information Security Officer (CISO) for instance.
These shortfalls are not simply strategic however. 46% of IT professionals believe there is a cybersecurity skills shortage in their organisations.
True cyber resilience is a combination of people, processes and technology, so hiring technical experts to strengthen your IT department will be crucial. Alternatively, consider partnering with a suitably experienced cyber resilience provider who can supply you with technical consultants in the short term.
The cybersecurity skills shortage looks set to continue throughout 2018, leaving many businesses unable to employ the people they need. Instead of trying to resolve every issue in-house, CISOs and CTOs should investigate opportunities to outsource processes and systems.
Shifting infrastructure and applications to the Cloud offers increased cyber resilience as standard. The distributed, load-balanced nature of Cloud data centres dramatically reduces the impact on your operations in the unlikely event one goes offline.
Similarly, integrity of systems should also be upheld because data and resources are available in more than one place, preventing the creation of a single point-of-failure.
Outsourcing is not simply a technical exercise however. The CISO will need to partner with a provider who understands and upholds GDPR and PCI DSS obligations regarding confidentiality. Partners will need to clearly demonstrate their understanding, and be prepared to offer safeguards and guarantees that the data and systems being protected will be handled in line with your organisation’s commitments.
Importantly, the people already employed by your business also have a part to play in cyber resilience. All too often cyber attacks and information leaks are caused by human error – clicking malicious links, disclosing passwords or simply mislaying physical copies of data for instance.
While PCI DSS assigns responsibilities to individuals handling specific customer payment details, the Global Data Protection Regulation expects all employees to play their part in keeping customer information safe. You must equip all of your employees with basic data protection knowledge and skills if you are to improve cyber resilience.
The benefits of a well-trained workforce are readily apparent too. Not only will you encounter fewer confidentiality breaches, but general productivity should also increase, and you should see fewer mistakes in your data, boosting integrity.
Look in, look out, look in again
There are many ways to strengthen cyber resilience, and there is nothing to stop your business making improvements today. Hiring and outsourcing takes time undoubtedly, but training and consultancy can begin immediately, making your organisation better placed to meet the challenges of the data-driven marketplace.
To learn more about training, consultancy and outsourcing that can help your business thrive, please get in touch.