According to the National Institute of Standards and Technology, cyber resiliency is "the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources." To put it simply, cyber resilience isn't just about incident prevention; it follows an entire cyber security and resiliency policy framework. The emphasis is on your company's capacity to successfully recover from a cyber attack with as little disruption to your operations as possible.
A cyber security and resiliency policy framework outlines the specific actions companies can take to align people, processes and technologies to protect their businesses from cyber attacks and to recover from these incidents if they occur. This framework encompasses several pillars.
According to the Cybersecurity and Infrastructure Security Agency, these pillars include:
- Robust IT asset management (data, applications and systems)
- Comprehensive user access management to ensure only the right users have access to specific information
- Proper risk and vulnerability management to identify, assess and prioritize security risks and close the most pressing security gaps
- Comprehensive incident management, which includes threat detection and response
- Training and awareness to build employees' cyber knowledge and empower them to be active players in helping your organization combat threats
A cyber security and resiliency policy framework is crucial for businesses today because hackers have become increasingly sophisticated and relentless. The number of cyber attacks continues to grow. According to FBI data, losses related to cyber attacks exceeded $4.1 billion in 2020, and the number of public complaints the agency received about cyber crimes grew 69% year over year—a record number.
Building cyber security and resilience into your business can help your company mitigate the financial, operational and reputational risks associated with a security breach. According to a recent Accenture study, compared to companies that lack cyber resilience, organizations that have this capability have four times the advantage in stopping targeted cyber attacks, a three-fold advantage in quickly recovering from these attacks, and a two-fold advantage in minimizing the damage and potential business impact of these incidents.
Your company can reap similar advantages by understanding threat research and focusing on cyber security and resilience.