Phishing, ransomware, DDoS attacks, Business Email Compromise, … are all well-known attacks on IT environments that can lead to serious business interruptions and financial loss for organizations and private persons alike. As a Security Officer, one of the most important tasks is to pull management into this Cybersecurity pool and assist them in navigating it. In the fight against adversaries of all sorts, from all around the world, Cybersecurity awareness is key, and Cyber resilience follows naturally from Cyber awareness. Reports and articles of all sorts, including those from DataNews, Voka, Agoria, and even the Flemish Government, indicate that there is still a huge mountain to climb to make Belgian companies (more) resilient against Cybercrime.
Like many things in organizations, this has to start from the top. CEOs, General Managers, and Board Members should make this a top priority in their organization. In the end, it’s all about risks: what are the risks to the organization, what are the odds that they materialize, and what is the risk appetite of the organization? A report from Voka shows us that 50% of the questioned SMBs in Flanders have no IT security plan. And it’s safe to assume that the majority of companies that were not included in the inquiry, or did not respond to it, do not have one either… Fortunately, there is a shift in climate as more attention is being given to this issue. We even see several initiatives from the government to highlight this problem and assist organizations in taking steps to improve their Cyber resilience. What about organizations that still do not want to take any steps? Well, there is a lot of legislation, either already in place or coming in the next months, that they will need to comply with, which makes doing nothing a poor strategy.
If we look up the definition of the word “resilience”, we can translate it as “the power to recover as quickly as possible from a bad situation”. We also often use the term to indicate the ability to withstand attacks, but what does this mean for organizations? What must CEOs, MDs or Board Members do to make their organization (more) Cyber resilient? Well, it’s easy: in my view, the way to (better) Cyber resilience can be divided into 3 chapters: