When information security is brought up, many people think of GDPR, firewalls and antivirus protection. But most IT managers and decision-makers have known for a long time that current and future threats can still weasel their way through. Larger organisations are increasingly putting their faith in incident and emergency management, but this often doesn’t cover all real risks. That’s why organisations of all types and sizes should ask themselves how to counter current and future security challenges.
Be proactive instead of reactive.
For security managers, concepts such as ISO 27001, service management, business continuity management and basic information security guidelines are no longer incomprehensible jargon, but simply a part of daily business. Yet these all have one thing in common: they’re reactive. They chiefly define processes for minimising the damage caused. If an incident occurs, such processes are undoubtedly critical. But what if you took action before any incidents even occurred to ensure they don’t provoke serious consequences? What if there was a way to make your organisation resilient?
Improve IT resilience.
In a resilient organisation, various mechanisms work together. Combining closely linked IT areas—information security, emergency management, disaster recovery, business continuity, risk management and service management—with strategic leadership, corporate culture and other resources forms the bedrock of proactive resilience. This allows critical processes to be designed as virtually airtight. In addition, it minimises redundancy, defines organisation-wide processes and establishes a coordinated resource management system. If a worst-case scenario should occur, critical processes can be preserved. Resilience does not promise to pre-emptively eliminate all threats. Rather, it means being prepared for an emergency and the associated business-related risks.
Reinforce critical processes.
This approach has its origins in military strategy. Essentially, it boils down to being able to maintain critical processes, such as communication channels, independently of external support services. If a communication channel goes down, an alternative is already there. A good example from our everyday lives is banking. Most of us conduct mobile banking transactions on our mobile phones. If our smartphone’s battery is empty, we simply switch over to a laptop. And if that fails, we can always walk to the bank itself. We know what can go wrong and how to prepare for it in our personal lives, but in the business arena we’re often clueless. The failure of individual processes can set off a chain of events that has the potential to cripple an organisation for the long term. ISO 22316 and the British Standard BS 65000 represent the first steps towards creating a framework for organisational resilience. Introducing a new standard isn’t the hard part, though. What’s difficult is switching from reactive to proactive thinking—strategically and organisation-wide.
Bechtle as your expert partner.
Bechtle has been addressing cyber resilience for years now, linking our expertise in various technical and organisational fields with specialists in crisis response, strategic planning, forward-facing technology and business coaching. In 2017, this combination led to the development of our Cyber Resilience Framework. Based on the circumstances and requirements of our customers’ organisations, we build environments with fail-proof processes, where security processes are automated wherever possible and the ramifications of security-related incidents are minimised. And we do this backed by a solid network that enables us to support almost any organisation, from SMEs to federal agencies.