Cybersecurity is an endless process of chasing and preventing known attacks; anticipating attacks; and monitoring, alerting, patching, remediating and implementing solutions. It is becoming a maintenance function that trails hackers and other bad actors.
Cyberresilience refers to the ability to constantly deliver intended outcomes despite negative cyberevents. It is keeping business intact through the ability to effectively restore normal operations in the areas of information systems, business functions and supply chain management. In simple terms, it is the return to a normal state.
Cyberresiliency is the ability to prevent, detect and correct any impact that incidents have on the information required to do business. Examples of the enterprise cyberresiliency goals are:
- Anticipate—Stay informed and ready to expect compromises from adversary attacks.
- Withstand—Continue the enterprise’s mission-critical business operations despite a successful attack by an adversary.
- Recover—Restore mission-critical business operations to pre-attack levels to the maximum extent possible.
- Evolve—Change missions/business functions and/or the supporting cybercapabilities to minimize adverse impacts from actual or predicted adversary attacks; change cybercapabilities for mission-critical business operations to minimize impacts from the actual or predicted adversary attacks.
Cyberresiliency has progressed to enable enterprises to withstand and rapidly recover from cyberattacks that have a criminal intent to induce harm, cripple and extort enterprises. Cyberresiliency is a board-level responsibility with high business content. It is based on initiatives under the auspices of corporate governance, enterprise cyberprograms and supply chain network.
The trend and severity of serious cyberbreaches underscores the fact that enterprises will face a serious breach with intent to harm. The organization and its board of directors (BoD) ought to, in anticipation of such an attack, plan how to withstand it, rapidly recover from it, and how to evolve to reengineer its business and cybersecurity processes.
It is the enterprise’s responsibility to evaluate and measure its current state of cyberresiliency and how to transform itself to strengthen its cyberenvironment to withstand serious cyberthreats.
A methodology was developed to build a cyberresiliency decision model (CRDM). It quantifies and compares the degree of impact of each proposed cyberresiliency initiative on any of the enterprise-stated goals and objectives and develops a road map to the containment of the threats.
Determining the portfolio of cyberresiliency investment and the realized value of such initiatives is highly correlated with an organization’s willingness to articulate the following:
- The risk of potential costs of security incidents that the enterprise is willing to bear
- The level of risk that the enterprise is willing to accept when running its business
- The enterprise’s recognition that investment in cyberresiliency ought to be mapped and prioritized to the desired outcome and types of threats.
Read Robert Putrus’ recent Journal article:
“Enterprise Transformation to Cyberresiliency,” ISACA Journal, volume 3, 2019.