Six steps to achieving cyber resilience through better cyber security

Johannesburg, 06 Jun 2017

Security should be the enabler of the digital world. The ability to detect, protect, remediate and recover from a cyber threat is critical. Cyber resilience has become an elevated topic of discussion at board level, and it has received further attention as a result of the recent global WannaCry ransomware attack.

Speaking at an event focusing on cyber resilience, hosted by ContinuitySA, Sean Duffy, Executive: Cybersecurity at Dimension Data Middle East and Africa, stated: "Organisations should adopt a risk-based approach to cyber security that is aligned to each organisation's business objectives."

Cyber security risks should be elevated and managed in line with an organisation's enterprise risk programme. Cyber risk is a business responsibility and not only that of the IT department.

Furthermore, Duffy stated: "Cyber security incidents will happen and organisations need to improve the security posture from a reactive to a predictive state, thus building cyber resilience."

Duffy contends that in order to achieve a business-driven, risk-aware approach to cyber security, organisations have to begin with the business itself: understand the organisation's objectives and the aligned organisational risk appetite.

Only once this is understood can the non-technical and technical security controls be implemented. All controls that are defined need to be measurable and aligned to an industry security framework. Through this approach, organisations will be better suited to meet their operational continuity requirements.

To achieve cyber resilience, the following should be considered:

* Align IT and business to a cyber resilience strategy;
* Use a common language to enable alignment;
* Ensure board-level accountability for cyber risk and drive responsibility to C-level executives;
* IT and business must collaborate in establishing the correct balance between the organisation's risk appetite and its need to be resilient;
* IT security should move from a mind-set focused on control to promoting an integrated, comprehensive cyber strategy powered by people, processes and technology; and
* Organisations need to adopt a culture of preparation, prevention, detection, response and recovery.

"To align cyber security and business strategies to build overall cyber resilience, but without compromising operational effectiveness, is complex, and needs to be done within the overarching business resilience strategy," adds Jeremy Capell, GM: Advisory Services at ContinuitySA. "In this context, investing in specialist business resilience consulting makes excellent sense."


ContinuitySA is Africa's leading provider of business continuity management services to public and private organisations. Delivered by highly skilled experts, its fully managed services include ICT resilience, enterprise risk management, work area recovery and BCM advisory - all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, ContinuitySA provides peace of mind for all stakeholders.

ContinuitySA operates the continent's biggest network of recovery centres, with more than 20 000 m² of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley and Somerset West) and KwaZulu-Natal (Mount Edgecombe), as well as in Botswana, Mozambique, Kenya and Mauritius.

ContinuitySA is a Gold Partner of the Business Continuity Institute and the recipient of the BCI's 'Continuity and Resilience Provider' Award for the third consecutive year in 2016.

ContinuitySA. Our business is keeping you in business.

Additional information about ContinuitySA can be found at Network with ContinuitySA on Google+, LinkedIn, Twitter and Facebook.

Editorial contacts
Warstreet Marketing Rebecca Warsop (011) 807 9842