The rapid evolution of cyberthreats leaves the gamut of risk assessment efforts undertaken by organizations inadequate in addressing cybersecurity concerns. The conventional approach of the hardening of IT assets and critical infrastructure elements has proven to be less effective against the innovative cyberattacks emerging in the industry, which means that organizations must work to improve the immunity and capability of these IT assets and critical infrastructure elements. A cyberresilience program can be the key.
Cyberresilience can refer to an organization's capability to withstand the disruptive cyberattacks launched by adversaries on the organization. Organizations must be prepared to absorb and adapt to adverse effects of cyberattacks and be able to recover in a short span of time. Being cyberresilient helps organizations in maintaining and ensuring their readiness to prevent and withstand the cyberattacks and restore their critical business operations to the maximum extent possible. Cyberresiliency can be considered as an integral element of the cybersecurity practice of an organization.
The objectives of cyberresiliency include not only protecting the critical information resources of the organization but also evolving the cybersecurity function to be better prepared to face new cyberthreats in the future. Program objectives will not be the same for every organization; they should be identified based on an organization’s specific culture, business priorities and risk appetite. Organizations should consider building and strengthening their cyberresilience program as a part of their overall operational resilience capability and should ensure it is aligned with their business and cybersecurity objectives. It is also important to develop and identify the critical competencies, processes and technology solutions required for the implementation of a cyberresilience program.
An effective cyberresilience program can help your organization become better secured for whatever comes next.
Editor’s note: For further insights on this topic, read Vimal Mani’s recent Journal article, “Demystifying the Implementation of Cyberresilience Programs,” ISACA Journal, volume 3, 2021.
Don't forget—Members can earn free CPE from ISACA Journal quizzes!