Security expert urges businesses to focus on cyber resilience

Kudakwashe Charandura.

Businesses are being urged to implement cyber resilience strategies that bring cyber security, incident response, disaster recovery and business continuity together.

This is according to Kudakwashe Charandura, head of cyber advisory at SNG Grant Thornton, who says that as cyber crime is growing in both frequency and sophistication, traditional security tools and solutions are no longer effective.

To mitigate this, he says, businesses now need to build a robust cyber resilience strategy to enable them to maintain business continuity should a security incident occur.

“Cyber resilience puts the business at the centre of everything. The goal of cyber resilience is to ensure the business resumes operations immediately with minimal impact, so that the business remains sustainable,” he says.

Charandura addressed the ITWeb Security Summit 2022 this week on cyber resilience, cautioning businesses to implement cyber resilience strategies that sustain them and focus on the business goals and objectives.

Also, he says, these strategies must trust no one and verify everything (zero trust) and must embed cyber in people, process and technology.

He used the analogy of a stool with three legs (people, process and technology) and underscored the need to balance this stool.

“Businesses tend to focus on acquiring and deploying tools and technology, forgetting that a tool without supporting process and people is no different from a poster or decoration on the wall,” he says.

According to Charandura, cyber resilience strategies must build “layers and layers” around the business’s crown jewels.

He explains: “View cyber resilience like an onion with layers and layers of measures making it difficult for cyber criminals to break in and access the crown jewels. View cyber resilience like a castle, with multiple security measures in place to deter attackers.”

This defence-in-depth strategy is moulded after the military model, which demonstrates that it is far more difficult to penetrate multiple layers of physical or non-physical defences than to merely break through a single line of defence.

He adds that these strategies must build resilience to anticipate, withstand, recover and adapt from cyber attacks and bring business continuity, disaster recovery, incident response and cyber security plans together.

Some of SA’s top organisations have been victims of cyber criminals in the past few months. Dis-Chem, TransUnion and Experian are among the entities that have been attacked.

To minimise the effects of an attack, Charandura says, businesses need to implement cyber resilience strategies that “trusts no one and verifies everything”.

Further, he says, to achieve cyber resilience, businesses need to overcome challenges that include rising cyber attacks, emerging cyber threats, and a lack of cyber skills, among other impediments.

Charandura cites additional challenges businesses need to overcome to achieve resilience, such as a lack of cyber awareness, limited budgets, emerging complex technologies, and an increase in the use of technology.

In ending, Charandura warns that rising cyber attacks, a lack of cyber skills and cyber awareness, limited budgets, emerging complex technologies, and connectivity are some of the factors that emphasise the need to build cyber resilience.

The most advanced businesses, even ones that develop cyber security solutions and tools, are being hacked, and as such, businesses need to be prepared for an attack. They need to anticipate, withstand and recover from attacks, and realise that it’s only a matter of time before a breach occurs, he concludes.
