Your organisation spends significant amounts of time and money on cybersecurity. Much of your own time is spent evaluating systems and software for chinks in their armour.

So it can be quite dispiriting to be told that all your efforts may not be enough. According to the latest UK government statistics (1), two thirds of medium and large business identified at least one breach or attack in the previous 12 months. For medium sized businesses, the average cost of these breaches has increased from £1,860 in 2016 to £8,180 this year.

None of these businesses were defenceless. But many still suffered breaches that cost them revenue, resources and (in some instances) reputation. The uncomfortable fact is that traditional cybersecurity is no longer enough. The abundance and sophistication of cyber attacks mean that, however many defences you put up, there is always the risk of a breach.

So what can you do? Experts increasingly talk about the need for resilience alongside defence. In practice that means accepting the fact that cybersecurity measures reduce the chance of a network breach, but can’t eliminate it. It accepts that, sometimes, the criminals will get through. It asks the question: “If this business is breached, what happens then?”

In a resilient company, what happens then is that systems kick in to swiftly identify the breach, minimise the damage it can cause, and keep the business up and running even while the attack is happening. Getting to that stage is a journey, and instilling resilience is a continuous process of improvement and refinement. But starting is a positive move in itself. Here are four steps your business can take now.

Normalise the threat

The first step to cyber resilience is accepting reality. Cyber threats are a real and present danger to your organisation. You are not invisible or insignificant, and every point of contact between your systems and the internet is a potential weakness. There may be backdoors to your data that you haven’t even considered, like the networked printer churning out pages unobtrusively in the corner of the office. Take a clear-eyed view of your vulnerabilities and where they might lead.

Educate and reinforce

Your biggest weakness may be your most IT illiterate - or blasé - member of staff. Education is a vital part of cyber resilience. A recent Ponemon Institute study found that 35 percent of data breaches involved human factors, such as negligent employees.

A recent Symantec report states: “As part of preparation, make personnel aware of existing cyber security policies and processes, and help them understand the business importance of those policies and processes. Individuals who aren’t security savvy or not necessarily aware of the value of certain information are vulnerable to exploitation or making costly mistakes.” (2)

Swift detection

According to the latest Verizon Data Breach report (3), 68% of data breaches took months or more to discover. The longer it takes to identify a successful attack, the longer cybercriminals have to wreak havoc. Putting processes in place to swiftly uncover potential breaches is a vital part of cyber resilience. Attackers may find a back door to your data, but a speedy response can stop them doing too much damage.

What exactly those processes are will depend on your business and systems. But log files and change management systems can provide an effective early warning system. Regular monitoring for unusual activity may be time consuming, but far less so than letting cyber attackers loose in your system for months on end. Help is available. For example, Zen's Managed WAN Service proactively monitors complex networks to ensure that staff are connecting to it in a way that doesn't compromise security.

Business continuity

Finally, resilience means keeping your core business running even as you deal with a potential security breach. One way to ensure business continuity is to utilise a cloud service to continually back-up your data and systems. Zen Cloud is a secure, resilient home for business-critical IT. With Zen’s Disaster Recovery as a Service you can spin up a new virtual environment, including everything your business needs to function normally, in seconds.

In tandem with Zen’s secure network, Zen Cloud ensures the smooth flow and efficient storage of your critical data regardless of external threats. It’s just one way to make sure that, whatever happens, your resilient company remains online and in business.

Source:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/701842/CSBS_2018_Infographics_-_Medium_and_Large_Businesses.pdf

https://www.symantec.com/content/en/us/enterprise/white_papers/b-cyber-resilience-blueprint-wp-0814.pdf

https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf