In the post-pandemic world, most people understand the concept of resiliency, which refers to the capacity to recover quickly from some form of adversity - be that Covid-19 infection, cyber-attack, natural disaster, geo-political tensions, and even cyber and kinetic conflict.
Business leaders are increasingly understanding the benefits of taking steps to prevent business disruption because the pandemic has made it clear that businesses need to ensure resiliency at all levels to mitigate any disruption to normal business operations.
Due to the increased reliance of businesses on information technology to function, cyber resilience has become an important area of focus to ensure that all IT systems are able to recover quickly should they be impacted by power cuts, cyber-attacks, or other disruptions.
Cyber resilience is something that is typically built up over time, that requires continuous attention, and that touches on several aspects of cyber security, including disaster recovery and business continuity.
However, cyber resilience capabilities are essential not only in IT systems, but also in critical infrastructure, business processes, organizations, societies, and even countries. For this reason, cyber resilience is also increasingly understood to extend beyond technological resilience to include financial, operational, organizational, and reputational resilience.
First and foremost, resiliency is about being able to continue business operations despite unforeseen or unpredictable adverse conditions, but it is also about being agile enough to adapt and innovate to get the most out of prevailing conditions as well as emerge stronger from any crisis. Therefore, resiliency is the ultimate goal in ensuring business survival.
Now, more than ever before, it is important for organizations to embrace the goal of resiliency and develop ways of managing it to ensure that it is applied to every aspect of the business at every level, including the use, application and security of information technology and data.
Recovery from my perspective is something which is not considered as being important enough, and not enough prioritized yet for what we need to. We need to get better in recovery and resilience to be able to restart services, to keep our businesses alive.
— Martin Kuppinger, Principal Analyst, KuppingerCole.
Because we understand the importance of cybersecurity resilience, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
This includes live events such as the Cybersecurity Leadership Summit taking place in Berlin and online from 8-10 November 2022. The agenda covers a wide range of security leadership topics including presentations on: Building Enterprise Security Resilience, Building Resilience after a major Incident, The Changing Face of Resilience, and Resilience and the Need for Privacy.
Other presentations in the CSLS track dedicated to building resilience include: Successfully tackling your Digital Supply Chain Risk, Risk-Based Cyber Reporting Best Practices, and NIS2 Directive – What It Is and Why You Need to Prepare.
Earlier today at CSLS in Berlin, there was a workshop entitled: Strategy, Risk, and Security: Building Business Resilience for Your Organization, which highlighted the most important steps of an organization's journey to prepare for and even embrace disruptive events and circumstances as part of a holistic, sustainable business approach.
Insight
A good place to start finding out more about building and managing a cyber resilience capability is this Insight on Business Resilience Management, which lays out the basics of the concept, some of the business benefits, and some approaches to achieving it.
Research
The following KuppingerCole Leadership Compass report touches on the topic of resiliency: Infrastructure as a Service – Global Providers and API Security Management.
As more organizations adopt cloud services, resiliency in this area has become increasingly important. For guidance on understanding the requirement and finding appropriate solutions, have a look at this Market Compass on Cloud Backup and Disaster Recovery.
Advisories
Maintaining good cyber hygiene is a continuous process, and cyber security routines must include checkpoints that are regularly monitored and reviewed. All these mundane tasks are the essential foundation for cyber resilience, as detailed in this Leadership Brief entitled: Cyber Hygiene: The Foundation for Cyber Resilience.
For more information on the steps organizations can take to increase their resilience to cyber-attacks, see this Leadership Brief on Security Fabric: A Methodology for Architecting a Secure Future on how business continuity management fits into a well-defined Security Architecture.
To find out how to not only meet the requirements to run your business in a cost-effective, sustainable, compliant, and agile way, but also to improve security and governance, maintain strategic business objectives, and maintain a consistent focus on the sustainability and resilience of IT, see this Leadership Brief on Working for the Business, not the Auditors.
Cyber resilience is a requirement of a growing number of national and regional regulations. Find out about the increased obligations of European organizations in coming legislation in this Leadership Brief on the EU NIS2 Directive.
Review the list of other resilience-related Advisory Notes below and choose those that meet your needs or interests:
- Business Continuity in the age of Cyber Attacks
- Firewalls Are Dead - How to Build a Resilient, Defendable Network
- From Data Leakage Prevention (DLP) to Information Stewardship
- Understanding and Countering Ransomware
Audio/video
Get an overview of the pillars of a proactively resilient IT infrastructure by watching this CSLS 2022 workshop entitled: Your Path to Ransomware Resilience and watch this discussion from this year’s European Identity and Cloud (EIC) conference to find out more about The Role of Identity & Access Management for Ransomware Resilience.
Learn about the value cyber resilience can offer an organization in this presentation entitled: Cyber Resilience - Regulatory Developments in the Financial Services Industry (and Beyond) and find out why in a digital business, cyber resilience is a central element of business resilience in this video on Why BCM/BCRM and Cybersecurity Must Converge.
Find out how, by applying greater identity assurance and least privilege principles, organizations can dramatically improve their overall cyber resilience in this presentation on Promoting Cyber Resilience through Identity and Zero Trust.
As organizations begin to understand the importance of resilience, they are re-evaluating their security priorities. To find out how to do this successfully, listen to this Analyst Chat on Setting your Cybersecurity Priorities Right.
Learn how to apply the concepts of cyber resistance and cyber resilience to the current technology landscape in this presentation entitled: Knowing differences between Cyber Resistance and Cyber Resilience.
Discover several deception use cases that can dramatically increase cyber resilience without attracting more attackers in this presentation entitled: Vampires & Cybersecurity: Using Deception to Increase Cyber Resilience.
Understand the importance of resilience in protecting modern industrial environments in this panel discussion on Industry 4.0 - How to Build a Dynamic Cyber Defence.
Watch this video for a panel discussion on Managing Cyber Supply Chain Risks and Achieving Digital Business Resilience, or watch Dr Carsten Bange of the Business Application Research Center (BARC) explain How Big Data Technology can help Increase Cyber Attack Resilience.
Blogs
Securing data in untrusted environments, such as public clouds and external parties, strengthens organizations’ cyber resilience. Find out more in this Blog Post on Fully Homomorphic Encryption at a Glance.
Discover how Attack Surface Management solutions work and how they can help improve cyber resilience in this Blog Post on the Ever-Growing Attack Surface and find out how resilience is one of the key Elements of a Disaster Operations Plan.
It is important to integrate cybersecurity and business continuity. Find out why in this blog post on Redefining the Role of the CISO – Cybersecurity and Business Continuity Management Must Become One.
Webinars
Learn how to build cyber resilience through a Zero Trust approach to security, discover how deploying segmentation can improve an organization’s cyber resilience, and understand why a single cyber resilience strategy for IT and OT is good practice by watching this Webinar on A Zero Trust Approach to Cyber Resilience.
To learn what constitutes a comprehensive business continuity and resilience management plan, check out this Webinar on Managing a Crisis: Prepare for Weathering the Next Storm to Come, and find out how to plan effectively for potential disruptions in this Webinar on Disaster Planning Made Simple.
Masterclass
If you would like to improve your skills and knowledge relating to resilience by completing a course, KuppingerCole can help there too. You can sign up for our KC Masterclass on Business Resilience Management in a Pandemic Crisis.
Tech Investment
Organizations investing in technologies to promote and support resilience can have a look at some of the related technology solutions that we have evaluated:
- R&S Trusted Gate by Rohde & Schwarz Cybersecurity
- Cisco Advanced Malware Protection
- Hitachi ID Privileged Access Manager
- CyberArk Privilege Cloud
- Safe-T Software Defined Access
- HP Helion Managed Virtual Private Cloud – Security and Assurance
- Hybrid Cloud Services
- TechDemocracy Intellicta
- Commvault Complete™ Data Protection