So what are the modern expectations of resilience? In summary, they are that an organisation will have credible blended countermeasures designed to stop attacks from occurring, and that when attacks aren’t stopped, the impact on the organisation, its operations and its customers is minimised, while the organisation remains competitive.
Governments and businesses recognise that absolute cyber security is neither possible nor practical. Given how critical these organisations and their services are to the stability and competitiveness of nations, making them resilient to cyber threats is the only realistic way to address the problem.
Organizations should recognize that eventually their security will be breached and that they need to have plans in place to deal with these breaches. This is what cyber resilience is all about. There are strategies that organizations could employ to help increase their cyber resilience and offer a robust level of infrastructure protection. These include:
Threat detection is vital for an organization to successfully implement containment controls and contingency plans. The sooner an attack can be detected, the greater the ability will be to contain the damage and reduce the impact on the organization, its employees and its customers.
Having adequate measures in place to enable an organization to effectively correct the situation after an incident has been detected is extremely important. Well-designed and thoroughly rehearsed plans and procedures will help to minimize the damage and mitigate the risk. The ability to recover and reduce the extent of your exposure to a risk is vital in successfully protecting your data and assets.