In many areas of our lives, we take preventative steps to protect ourselves from accidents and illness. Cars are chock-full of safety systems and sensors that shield us from injury, and even cautious cyclists have a safeguard in the form of a helmet. So why take unnecessary risks when it comes to IT?
While resilience describes structural strength, in psychology it means a person’s ability to handle difficulties and stress. This ability can be learned, and you can even train yourself to overcome crises. This principle can be applied to organisations and even society as a whole, but also to IT.
Cyber resilience means preventative IT protection and covers the people and organisation as well as the infrastructures and technologies. “An IT user’s digital sovereignty and integrity are key factors that are often overlooked”, says Tobias Dames, Bechtle resilience expert. If everyone stuck to the rules regarding security—provided they knew how—the biggest risk would be avoided. That’s why awareness and behaviour training are central elements of a resilience strategy.
Another aspect is being aware that there is no such thing as total security. Tobias Dames and his team therefore concentrate on a business’s or authority’s core processes. What has to work and what is not absolutely necessary? So for example, a parts supplier’s production and logistics are more important than, say, its application management.
In order to achieve resilience, we need to take a strategic approach and switch from being reactive to proactive at all levels of the company—and that includes top management.
The core must then be made as resilient as possible by creating a protective shield consisting of several layers, giving several fallback options in the case of issues. This also allows for faulty features and damaged systems to be recovered at the same time. But beware. “The structures and rules have to be carefully and transparently documented”, stresses Tobias Dames. A good backup plan ensures enormous security—not just mentally, but in reality, too.
Bechtle has developed a framework to implement cyber resilience in an organised manner. In an assessment centre, operationally essential processes are identified before their security requirements are defined. That takes three to five days and then we have benchmarks. A team of specialists from a wide range of disciplines tackles these challenges: network technology, data security, disaster recovery, business continuity and service management experts are as much a part of the team as organisation consultants, risk managers, business coaches and anti-manipulation trainers. They work together to protect employees and immunise IT infrastructures and applications, paying particular attention to what’s business-critical, so that companies can ensure their economic survival. Operators of critical infrastructures such as energy and water companies and internal and external security institutions take on even greater responsibility by being as resilient as possible. Of course, cyber resilience does not make you impervious to threats, but it does make systems and organisations less vulnerable to attack, also in terms of a holistic understanding of compliance.
Bechtle update editorial team
Published on May 5, 2020.