True cyber resilience is a business enabler

Issue 4 2023 Security Services & Risk Management, Information Security


Patrick Evans.

“Cyber resilience is about much more than just cybersecurity. It’s about preventing operational disruptions of all kinds that may impact your profitability, productivity, and reputation,” says Patrick Evans, CEO of SLVA Cybersecurity.

South Africans are renowned for their resilience when facing a multitude of problems – from the high cost of living to rolling blackouts. However, the resilience of the average South African citizen is not always matched by the resilience of the businesses they run.

Your business – small or an enterprise – needs to be able to deal with things like power disruptions, unpredictable weather or civil disobedience, and for these you should have plans and contingencies ready, designed to cater for such disruptions. So when organisations are ‘secure by design’, they are more than just cyber secure, they are cyber resilient.

A resilience mindset

The problem is that too often, board members think of cyber as mainly a compliance scenario, rather than an enabler of the business. Moreover, while companies today often have a chief information security officer (CISO), they seldom receive the privilege of being part of the C-suite, and typically report to the CIO.

The reality is that cyber resilience requires a shift in the mindset and culture of the organisation. The first shift is that one needs to work from the assumption that your business operations will be interrupted at some point due to a cyberattack. This change in mindset is required by business leaders and executives, who need to start thinking about what resilient measures they can put in place across the company’s people, processes, and technology.

Until the board accepts that cybersecurity can serve as a business enabler, they won’t achieve this mind shift. And the reason it is an enabler is simple: a cyberattack will inevitably create operational disruption, which in turn impacts profitability, productivity, and even your company’s reputation in the market.

If you are a national or international business, the impact of such a disruption may be measured in millions of rands. To prevent this, business leaders have to engage in careful planning to ensure their organisations are able to withstand whatever the world throws at them.

A holistic, robust programme

Implementing a cyber resilience programme is imperative because cyber is more than IT, it is something that literally touches every part of your business. A robust programme will help you to understand which are your critical environments, the benefits they bring to the business, and the risk they pose to the company should they fail.

Such a programme views the business holistically, so for example you may need to make sure your supply chain is resilient, and that everybody you're dealing with – whether they're online or not – has the same, or similar, measures in place. You should come at this from a risk management point of view, seeking to understand the business risk first, before worrying about the cyber risk.

Of course, in order to help make the business more resilient, it is crucial that the right behaviour is inculcated in employees: How should they react in the event of a disaster? Does everybody know what the playbook looks like? How do they know what they need to do?

The question, then, is how to implement true cyber resilience. Part of the answer is to use a methodology that begins with communicating to everybody what the business is doing. You need to discover the current state of things and analyse those findings accordingly.

You also need to understand what your business-critical data and business-critical processes are. In other words, which applications are crucial to business operations. A good example is that your business may run SAP, but you still need to understand which aspects of SAP are the most critical to keep operational in a disaster.

Plan for change

Then you need to ensure that all the people that need to know the details and play a part in the plan are empowered to do that. Lastly, you need to continuously test and update the plan, because businesses aren't static, they change continuously.

Of course, being able to anticipate cyberattacks remains a key aspect of staying resilient, and there are mechanisms available to help businesses understand whether they're going to be targeted or not.

Ultimately, the best way to build cyber resilience is to first make sure that everybody understands what the business objectives are. From there, you build backwards from these objectives, determining the risks inherent in the objectives, and crafting a cybersecurity plan that has technology resilience built into it – by ensuring that the business priorities align with your people, processes and technologies and that the plan aligns to, and supports, the business effectively.

We call this secure by design.

Find out more at www.slva-cs.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Innovation and security go hand in hand
Technews Publishing Facilities & Building Management Security Services & Risk Management
In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...
New tools for investigation and robust infrastructure security
News & Events Information Security
Cybereason continues to enhance its security platform, with recent updates introducing improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Read more...
Bomb threat landscape in South Africa
Editor's Choice Security Services & Risk Management
Over the past 25 years, South Africa has faced thousands of bomb threats and explosive incidents annually, imposing a significant economic burden on the nation, costing billions of rand.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...