Digital Resilience Is A Step Up From Cybersecurity

Uploaded on 2018-08-23 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

For many years those working in cybersecurity fought hard to elevate the issue beyond the realms of the IT department and into the boardroom. Recent evidence suggests that the message is finally starting to get through. According to a study by US consultants McKinsey, 75 percent of executives said they considered cybersecurity to be a top priority.

Another survey by UK consultants KPMG revealed that cybersecurity was very much on the agenda in UK boardrooms, with 74 percent of UK business leaders agreeing that cybersecurity was an enabler of trust, and 45 percent believing cybersecurity specialists were an effective part of the business.

Now, however, we are gearing up for the next battle, to convince organisations of the importance of digital resilience.

Resilience is one of the most valuable long-term properties of an organisation, defining its ability to grow and survive in a changing environment by successfully implementing evolving strategies.

As crises are often driven by events that are beyond their control, resilient organisations are those that are best prepared to face and adapt to the challenges ahead.

As the Internet of things becomes a reality and the adoption of connected devices continues apace, it’s clear we are heading towards a future in which we will all be dependent on digital technology. Despite many organisations adopting “digital first” or even “digital only” strategies, few have grasped how dependent their core business processes are on digital technology. In the event of disruption or failure, switching to processes that are less dependent on technology are often no longer possible.

Digital resilience therefore represents a fundamental change in the way we understand digital technology, risk and opportunity.

As a concept it is much talked about but ill-defined, so the first step is to agree a simple and concise definition of what it actually means in a business context. I propose the following:

Digital Resilience, an organisation’s ability to maintain, change or recover technology-dependent operational capability.
In a constantly evolving digital environment, organisations must be able to move quickly and seamlessly to adopt new digital technology solutions and then to recover, rebound and move forward if things go wrong.

Many commentators talk about digital resilience only in terms of cybersecurity, like this recent McKinsey blog, which says organisations are working towards a situation in which they design their business processes and IT systems to “facilitate the protection of critical information and to implement strong cyber defenses and effective plans for responding to cyberattacks.”

That is true, but digital resilience should be seen much more widely than just through a narrow cybersecurity focus.

The digital resilience banner encompasses several other important business concepts including change management, business resilience, operational risk and even competitiveness, as recently alluded to in this excellent white paper on Digital Resilience published by the Shearwater Group and the Institute for Strategy, Resilience & Security.

Digital resilience is the very foundation of the modern business and should be recognised as the most valuable long-term property of an organisation, something to be managed at senior level but understood by everyone at all levels. If operational resilience and business competitiveness go hand-in-hand, then digital resilience is paramount to achieving both of those.

Being digitally resilient means an organisation is well-placed to adopt new systems and processes, ensuring continued competitiveness and business survival.

It means assessing new technologies in terms of their impact on overall business resilience. More secure may not necessarily mean more resilient; if a solution introduces processes that are flawed or causes business inflexibility then this may affect competitiveness.

Any new digital infrastructure must therefore be assessed in terms of its overall impact on business resilience, both in terms of opportunity and risk.

The more tightly coupled and efficient that digital processes are during normal operation, the more disruption poses a threat to operational, digital and therefore business resilience.

People, technologies and processes represent a complex operational environment where failure of any one component part can cause a cascading effect that has the potential to render core processes inoperable.

Identifying each component part and their risk and evolutionary attributes will support competitiveness and both digital and business resilience.

Digital resilience also requires a fundamental shift in how organisations manage risk and opportunity, traditional models of risk mitigation and impact analysis are no longer sufficient.

It must be assessed in terms of combinations of long-tail effects and an organisation’s ability to anticipate, respond, learn and evolve appropriately to shifts in a hyper-networked digital environment.

Digital resilience thinking ensures that the entire organisation is considered and challenged in the light of enabling and balancing growth, evolutionary change and security needs appropriately.

CSO Online

You Might Also Read: 

Get Your Data Strategy On Board:

Strategies For A Cyber Security Culture (£):

 

 

« Alaska Dusts Off Its Typewriters
SamSam: $6 million Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

securitycurrent

securitycurrent

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

SITS Group

SITS Group

SITS Group excel in delivering a comprehensive range of Cyber Security consulting and managed services, from cloud transformation to risk management.