Owning cyber resilience — whose job is it anyway?


Executive Summary:

The frequency and severity of cyber disruptions highlight the need for strong cyber resilience planning. Recent statistics reveal some worrying trends:

In 2022, nearly 90% of security professionals identified weaknesses in their supply chain, as many as 90% of organizations suffered a ransomware attack, and 86% of organizations lost business or revenue due to an incident. Taken together, today's cyber threats make cyber resilience critical.

By prioritizing cyber resilience, organizations not only protect their core assets, but also proactively address an evolving threat landscape and develop a reliable business ecosystem that contributes to ongoing organizational success.

Still, who bears the responsibility to ensure cyber resilience? In this article, we will explore a variety of perspectives that can assist you in expanding your capabilities to foster resilience within your organization.

What is cyber resilience?

The National Institute of Standards and Technology (NIST) defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

The purpose of cyber resilience is to ensure that business processes can continue to function smoothly in a contested cyber environment.

Ownership of resilience

Organizations have begun to establish clear lines of business ownership around cyber resilience, helping to ensure that resilience becomes a central part of culture, processes and decision-making.

In the past, the Chief Information Security Officer (CISO) or an equivalent role was tasked with leading the charge on cyber resilience. This person had the expertise and authority to streamline efforts, allocate resources effectively, and maintain accountability.

However, in recent years the role of Chief Resilience Officer (CRO) has emerged as organizations recognize the need for a dedicated role when it comes to addressing the challenges associated with resilience.

The role of the CRO

The Chief Resilience Officer is a senior level manager. This individual develops and implements strategies that enable the organization to proactively address potential future business continuity challenges, including natural disaster challenges, economic crises, cyber security events and other unforeseen events.

As Chief Cyber Resilience Officer at eSentire, Tia Hopkins explains, this role helps limit the scope of incidents and problems. "So it's just 'clean-up on aisle six' compared to the building that burned down."

By ensuring effective response and recovery mechanisms are ready for near-instant activation, the CRO oversees an organization’s long-term viability and sustainability.

Who else?

Some argue that responsibilities related to cyber resilience can be folded into the role of the chief information officer (CIO) or another technology-based role. At the end of the day, one could argue, who holds which title and which responsibility is a question of semantics.

What is essential is simply that someone in the organization is responsible for looking through all of the relevant lenses: how threats can affect the availability of human, technical, third-party and data resources, what the impact on the company and its services would be, and what the emergency capabilities look like.

"You need people who can talk and walk technology operations, security, risk and compliance to some extent," says James Hardy, chief resilience officer at State Street Bank.

Future

Some predict that the cyber resilience officer will become a fairly standard role within the next decade. This is likely to take shape first within more mature, forward-thinking organizations and within those at the highest risk of compromise, reputational damage and financial loss.

Cyber resilience planning is especially important in operational technology (OT) environments, where hardware and software interact with the physical world and support public services. These systems must remain resilient to cyber security failures as well as to other types of failure.

Resilience resources

Embarking on new resilience initiatives can seem daunting, but a host of resources can help. Examples include the World Economic Forum's Cyber Resilience Index, NIST SP 800-160 Vol. 2, MITRE's Cyber Resiliency Engineering Framework, and Cyber Talk's Operational Resilience Recommendations.

For more insights into cyber resilience, check out CyberTalk.org's past coverage. Finally, to receive timely cybersecurity news, insights and cutting-edge analysis, please subscribe to the cybertalk.org newsletter.