Cyber resilience requires multi-layered approach to be effective
IT systems and the data they contain must be resilient to ensure they can be recovered, even when an unplanned-for event occurs, says Al de Brito, senior consultant: Advisory Services at ContinuitySA.
As organisations increasingly focus on building resilience in the face of a shifting threat landscape, one of the key areas of concentration is the technology environment, including the data stored on the IT systems. Making the cyber environment resilient must be seen as a priority given its importance, says Al de Brito, Senior Consultant: Advisory Services at ContinuitySA.
“No organisation these days can run without access to its systems and data. It is thus imperative that both are not only protected as well as possible, but that they can be recovered as quickly as possible,” he says. “The cyber threat landscape is so fluid and fast-moving that it’s impossible to identify the most likely threats 100% — it is essential that the IT systems and the data they contain are rendered resilient in order to ensure they can be recovered even when an unplanned-for event occurs.”
The Business Continuity Institute’s Horizon Scan for 2019 found that cyber attacks and data breaches were the top threats for the coming 12 months — a clear indication not only of the nature of the threat landscape, but also the importance of this area of any business.
To build cyber resilience, De Brito says a multi-layered approach that encompasses people, processes and technology is required.
“Traditional cyber security approaches remain important, but they have typically tended to be seen in isolation. That approach is not sustainable because IT is integrated into the business itself — the two cannot be uncoupled,” he explains. “That’s why King IV has made technology and information governance a priority of the governing body.”
Principle 12 of King IV reads: “The governing body should govern technology and information in a way that supports the organisation setting and achieving its strategic objectives.”
In practice, the board and executive team are responsible for setting the strategy, while senior and middle management decide how the strategy should be implemented. Lower management and administration are tasked with the actual implementation, which obviously affects all employees.
“Everybody has to know what the security policies are, and take responsibility for adhering to them,” he says. “In addition, by building a security culture, employees become essential front-line ‘troops’, because they are best placed to spot any suspicious activities.”
People ultimately control both the technology and processes, so they are essential to building true cyber resilience. It is important that the organisation drives a mindset change as regards security generally, and cyber security in particular, based on awareness. Everybody needs to understand the psychological nature of the threat, and also what their individual roles and responsibilities are in the event of an incident.
“This kind of holistic approach can help create a resilient organisation that can protect, detect, respond to and recover from any cyber threat,” he concludes.
ContinuitySA is Africa’s leading provider of business continuity management (BCM) and resilience services and has been helping the continent’s public and private organisations become more resilient for more than 30 years. Delivered by highly skilled experts, its fully managed services include ICT and cyber resilience, enterprise risk management, work area recovery and BCM advisory—all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, including the ability to recover swiftly from a disaster, ContinuitySA provides peace of mind for all stakeholders.
ContinuitySA operates the continent’s biggest network of recovery centres, with more than 20 000 m² of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley) and KwaZulu-Natal (Mount Edgecombe), as well as in Botswana, Mozambique, Kenya and Mauritius.
ContinuitySA is a Gold Partner of the Business Continuity Institute (BCI) and was inducted into the prestigious BCI Hall of Fame in 2016. It is also a Gold Partner of Veeam, a leading global provider of software enabling Disaster Recovery as a Service and Backup as a Service.
ContinuitySA. Our business is keeping you in business. Additional information about ContinuitySA can be found at www.continuitysa.com. Network with ContinuitySA on Google+, LinkedIn, Twitter and Facebook.