Becoming cyber resilient is not easy, even though the advice sounds simple:
‘Be proactive rather than reactive.’ ‘Take pre-emptive measures.’
So, what stops enterprises from becoming cyber resilient? There are a number of hurdles:
- Information silos: Cyber resilience is treated primarily as the responsibility of the CISO, when every member of the organization should participate.
- Ineffective seminars: Even in enterprises that recognize cyber resilience as a business issue, it is still left to the CISO to impart knowledge to staff and management, which may not be as effective as one might believe. These seminars aim to change human behavior, which is difficult in itself, and they do not account for breaches that have nothing to do with human error.
- Retaining top talent: Businesses fail to hire and retain talented CISOs, which can greatly affect the resilience of the company.
Improving cyber resilience: A 3-step process
- Risk assessment: The factors that determine inherent risk are technologies, distribution channels, services and products, infrastructure and the operating environment. Once these are assessed, a rating (high, medium or low) is assigned. This rating can be thought of as the expected level of resilience.
- Maturity assessment: Each inherent risk level is then mapped to a maturity level. The domains assessed for maturity are situational awareness, governance, protection, identification, detection, response and recovery, and third-party risk management. This identifies the actual level of resilience.
- Roadmap: Comparing inherent risk against maturity level reveals the gaps, and solutions are then deployed to close them.