Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

True cyber resilience is a business enabler

Issue 4 2023 Security Services & Risk Management, Information Security


Patrick Evans.

“Cyber resilience is about much more than just cybersecurity. It’s about preventing operational disruptions of all kinds that may impact your profitability, productivity, and reputation,” says Patrick Evans, CEO of SLVA Cybersecurity.

South Africans are renowned for their resilience when facing a multitude of problems – from the high cost of living to rolling blackouts. However, the resilience of the average South African citizen is not always matched by the resilience of the businesses they run.

Your business – small or an enterprise – needs to be able to deal with things like power disruptions, unpredictable weather or civil disobedience, and for these you should have plans and contingencies ready, designed to cater for such disruptions. So when organisations are ‘secure by design’, they are more than just cyber secure, they are cyber resilient.

A resilience mindset

The problem is that too often, board members think of cyber as mainly a compliance scenario, rather than an enabler of the business. Moreover, while companies today often have a chief information security officer (CISO), they seldom receive the privilege of being part of the C-suite, and typically report to the CIO.

The reality is that cyber resilience requires a shift in the mindset and culture of the organisation. The first shift is that one needs to work from the assumption that your business operations will be interrupted at some point due to a cyberattack. This change in mindset is required by business leaders and executives, who need to start thinking about what resilient measures they can put in place across the company’s people, processes, and technology.

Until the board accepts that cybersecurity can serve as a business enabler, they won’t achieve this mind shift. And the reason it is an enabler is simple: a cyberattack will inevitably create operational disruption, which in turn impacts profitability, productivity, and even your company’s reputation in the market.

If you are a national or international business, the impact of such a disruption may be measured in millions of rands. To prevent this, business leaders have to engage in careful planning to ensure their organisations are able to withstand whatever the world throws at them.

A holistic, robust programme

Implementing a cyber resilience programme is imperative because cyber is more than IT, it is something that literally touches every part of your business. A robust programme will help you to understand which are your critical environments, the benefits they bring to the business, and the risk they pose to the company should they fail.

Such a programme views the business holistically, so for example you may need to make sure your supply chain is resilient, and that everybody you're dealing with – whether they're online or not – has the same, or similar, measures in place. You should come at this from a risk management point of view, seeking to understand the business risk first, before worrying about the cyber risk.

Of course, in order to help make the business more resilient, it is crucial that the right behaviour is inculcated in employees: How should they react in the event of a disaster? Does everybody know what the playbook looks like? How do they know what they need to do?

The question, then, is how to implement true cyber resilience. Part of the answer is to use a methodology that begins with communicating to everybody what the business is doing. You need to discover the current state of things and analyse those findings accordingly.

You also need to understand what your business-critical data and business-critical processes are. In other words, which applications are crucial to business operations. A good example is that your business may run SAP, but you still need to understand which aspects of SAP are the most critical to keep operational in a disaster.

Plan for change

Then you need to ensure that all the people that need to know the details and play a part in the plan are empowered to do that. Lastly, you need to continuously test and update the plan, because businesses aren't static, they change continuously.

Of course, being able to anticipate cyberattacks remains a key aspect of staying resilient, and there are mechanisms available to help businesses understand whether they're going to be targeted or not.

Ultimately, the best way to build cyber resilience is to first make sure that everybody understands what the business objectives are. From there, you build backwards from these objectives, determining the risks inherent in the objectives, and crafting a cybersecurity plan that has technology resilience built into it – by ensuring that the business priorities align with your people, processes and technologies and that the plan aligns to, and supports, the business effectively.

We call this secure by design.

Find out more at www.slva-cs.com




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Smarter access, stronger defence
Secutel Technologies Security Services & Risk Management Access Control & Identity Management Retail (Industry)
The holiday season brings excitement, increased foot traffic and, unfortunately, a spike in criminal activity targeting retail environments. Taking a proactive approach to security is essential in ensuring staff and assets remain safe.

Read more...
Who are you?
Access Control & Identity Management Information Security
Who are you? This question may seem strange, but it can only be answered accurately by implementing an Identity and Access Management (IAM) system, a crucial component of any company’s security strategy.

Read more...
Check Point launches African Perspectives on Cybersecurity report
News & Events Information Security
Check Point Software Technologies released its African Perspectives on Cybersecurity Report 2025, revealing a sharp rise in attacks across the continent and a major shift in attacker tactics driven by artificial intelligence

Read more...
What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
AI rewrites financial crime
Security Services & Risk Management Financial (Industry)
Criminals are exploiting South Africa’s high connectivity and still-maturing regulation to scale attacks faster than we can defend them. The speed and sophistication of these scams are outpacing the systems designed to stop them.

Read more...
Strengthening organisational integrity in 2026 and beyond
iFacts Security Services & Risk Management
In 2026, the risks facing organisations, whether in the corporate sector or government, will be more complex and far-reaching. Employee screening will have to be more complex and comprehensive.

Read more...
Kaspersky finds security flaws that threaten vehicle safety.
News & Events Information Security Transport (Industry)
At its Security Analyst Summit 2025, Kaspersky presented the results of a security audit that exposed a significant security flaw enabling unauthorised access to all connected vehicles of one automotive manufacturer.

Read more...
Syndicates exploit insider vulnerabilities in SA
Information Security Security Services & Risk Management
Today’s cyber criminals do not just exploit vulnerabilities in your systems; they exploit your people, turning trusted team members into unwitting accomplices or deliberate collaborators in their schemes.

Read more...
GenAI fraud forcing banks to shift from identity to intent
AI & Data Analytics Information Security Financial (Industry)
The complexity and velocity of modern fraud schemes, from deepfakes to fraud and scams involving social engineering, demand more than just investment in new tools; they need adaptability and expanding the security net.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.