In today’s world of escalating cyber threats, organisations face unprecedented challenges trying to maintain IT and business operations without disruption. As the pressure to digitally transform continues, cyber resilience is fast emerging as the driving force behind survival and success. But with bad actors currently controlling the pace of change, organisations are having to find more and more ways to improve their security posture, which is why cyber resilience has gained popularity.As an approach, cyber resilience recognises the fact that an appropriate security posture is not just having the best defensive controls, but includes how to stay in business – no matter how significant the attack. The process is never complete, and instead must be constantly evolved to keep up with adversaries. That means that within their cyber security strategies, organisations must respond to the challenge of not only putting controls in place to prevent incidents from occurring, but also having the mechanisms set-up to be able to respond to and recover when they inevitably do. We call this being ‘Resilient by Design.’This is where a mindset shift is needed. According to our recent research report ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ 60% of IT leaders globally believe their organisation overly prioritizes prevention in its cyber security strategy, and more than half of the respondents (57%) say their leadership continues to define cyber security failure as initial access by a threat actor. This needs to change. Effective cyber resilience approaches that are ‘Resilient by Design,’ must go beyond the technical challenge of cyber prevention, and instead look at the situation far more holistically. They must answer the question: Do we have the ability across our business, infrastructure and people to prevent, withstand and recover from a successful attack?Preparing for the cyber stormThe analogy that comes to mind is that organisations should think of their cyber resilience as if they are preparing for a storm. If they only have an umbrella to hand, that will offer little protection against a hurricane. That is why humans rely so heavily on the weather forecast to warn us of coming storms – so we can take action to not only protect ourselves by seeking shelter, but also deploy additional security and recovery measures in advance. Continuing the analogy, there is more to overcoming the effects of a hurricane than just taking shelter. You also need to be able to prevent and withstand as much damage or impact as possible. Are building construction codes set up in such a way to endure the gale-force winds? Are there clean up plans after the storm clears – and are they prioritised to ensure essential services keep running?Of course, taking effective recovery measures means that you have to declare what those essential services are going to be beforehand. You might, for example, need ambulances to be able to go down roads to tend to the injured – meaning those roads have to be cleared first, and those ambulances are ready to go with medical staff available to equip them. Similar “cyber preparedness” steps have to be taken into consideration to become ‘Resilient by Design.’How to become ‘Resilient by Design’?Organisations need to ensure that they can respond quickly to cyber incidents. At Zscaler we are already helping our customers to shift to an architecture that can weather the cyber storm – not only putting appropriate security controls in place, but also replacing aging architectures that were built on what was effectively a house of cards. Per my introduction, we are also tackling the challenge from a more holistic point of view, looking beyond technology aspects and considering the full breadth of an organisation to deliver the capabilities for a robust response and recovery strategy. Forecasting cyber incidents, based on AI delivered insights should become part of the strategy as well. Additionally, as part of this, ‘Resilient by Design’ must encompass business capability requirements as well. The change to a zero trust based architecture, for example, not only solves the security challenges of digitized organisations, it also supports business agility and delivers a competitive advantage at the same time. With business capability an increasing part of the protection equation, security has already become a board level topic – and so too must resilience. Organisations need a business vision and an investment plan to switch gears to become truly cyber resilient. To continue to innovate with confidence, they also need to know they are as protected as possible, and able to recover from any incident without major interruption to business operations. The changing role of security Security’s role as a business enabler is a new paradigm that has become a reality in the past few years of transformation. In recognition of this, the CISO must also transform their role to reflect the more modern function of a BISO (Business Information Security Officer) and ensure that today’s security processes take business operations into account as well. As the security function matures, a ‘Resilient by Design’ approach is yet further evidence of the increasingly central role it is taking on. Looking ahead, organisations must leave the old school thinking of isolated security controls behind to achieve holistic resilience across their operations. In doing so, they will be able to weather whatever cyber security storms come their way. In today’s volatile world, being ‘Resilient by Design’ isn’t just a nice to have. It’s your ticket to get a competitive advantage and unlock The Resilience Factor.This blog summarizes the first episode of The Resilience Factor podcast series. You can listen to the full conversation of the podcast here.
[#item_full_content] In today’s world of escalating cyber threats, organisations face unprecedented challenges trying to maintain IT and business operations without disruption. As the pressure to digitally transform continues, cyber resilience is fast emerging as the driving force behind survival and success. But with bad actors currently controlling the pace of change, organisations are having to find more and more ways to improve their security posture, which is why cyber resilience has gained popularity.As an approach, cyber resilience recognises the fact that an appropriate security posture is not just having the best defensive controls, but includes how to stay in business – no matter how significant the attack. The process is never complete, and instead must be constantly evolved to keep up with adversaries. That means that within their cyber security strategies, organisations must respond to the challenge of not only putting controls in place to prevent incidents from occurring, but also having the mechanisms set-up to be able to respond to and recover when they inevitably do. We call this being ‘Resilient by Design.’This is where a mindset shift is needed. According to our recent research report ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ 60% of IT leaders globally believe their organisation overly prioritizes prevention in its cyber security strategy, and more than half of the respondents (57%) say their leadership continues to define cyber security failure as initial access by a threat actor. This needs to change. Effective cyber resilience approaches that are ‘Resilient by Design,’ must go beyond the technical challenge of cyber prevention, and instead look at the situation far more holistically. They must answer the question: Do we have the ability across our business, infrastructure and people to prevent, withstand and recover from a successful attack?Preparing for the cyber stormThe analogy that comes to mind is that organisations should think of their cyber resilience as if they are preparing for a storm. If they only have an umbrella to hand, that will offer little protection against a hurricane. That is why humans rely so heavily on the weather forecast to warn us of coming storms – so we can take action to not only protect ourselves by seeking shelter, but also deploy additional security and recovery measures in advance. Continuing the analogy, there is more to overcoming the effects of a hurricane than just taking shelter. You also need to be able to prevent and withstand as much damage or impact as possible. Are building construction codes set up in such a way to endure the gale-force winds? Are there clean up plans after the storm clears – and are they prioritised to ensure essential services keep running?Of course, taking effective recovery measures means that you have to declare what those essential services are going to be beforehand. You might, for example, need ambulances to be able to go down roads to tend to the injured – meaning those roads have to be cleared first, and those ambulances are ready to go with medical staff available to equip them. Similar “cyber preparedness” steps have to be taken into consideration to become ‘Resilient by Design.’How to become ‘Resilient by Design’?Organisations need to ensure that they can respond quickly to cyber incidents. At Zscaler we are already helping our customers to shift to an architecture that can weather the cyber storm – not only putting appropriate security controls in place, but also replacing aging architectures that were built on what was effectively a house of cards. Per my introduction, we are also tackling the challenge from a more holistic point of view, looking beyond technology aspects and considering the full breadth of an organisation to deliver the capabilities for a robust response and recovery strategy. Forecasting cyber incidents, based on AI delivered insights should become part of the strategy as well. Additionally, as part of this, ‘Resilient by Design’ must encompass business capability requirements as well. The change to a zero trust based architecture, for example, not only solves the security challenges of digitized organisations, it also supports business agility and delivers a competitive advantage at the same time. With business capability an increasing part of the protection equation, security has already become a board level topic – and so too must resilience. Organisations need a business vision and an investment plan to switch gears to become truly cyber resilient. To continue to innovate with confidence, they also need to know they are as protected as possible, and able to recover from any incident without major interruption to business operations. The changing role of security Security’s role as a business enabler is a new paradigm that has become a reality in the past few years of transformation. In recognition of this, the CISO must also transform their role to reflect the more modern function of a BISO (Business Information Security Officer) and ensure that today’s security processes take business operations into account as well. As the security function matures, a ‘Resilient by Design’ approach is yet further evidence of the increasingly central role it is taking on. Looking ahead, organisations must leave the old school thinking of isolated security controls behind to achieve holistic resilience across their operations. In doing so, they will be able to weather whatever cyber security storms come their way. In today’s volatile world, being ‘Resilient by Design’ isn’t just a nice to have. It’s your ticket to get a competitive advantage and unlock The Resilience Factor.This blog summarizes the first episode of The Resilience Factor podcast series. You can listen to the full conversation of the podcast here.
