Who is responsible for cyber resilience within your organisation? Before you say the IT department, think again
Cyber resilience is an organisation-wide approach which combines cyber security with organisation resilience, enabling an organisation to better prepare for, respond to and recover from cyber-attacks and breaches.
60% of organisations that experience a cyber-attack go out of business within six months. For those organisations that continue to operate, the consequences of an attack can still be harmful. Reputational damage, stolen assets or data, hefty fines, terminated contracts, and financial losses are just some of the potential effects of a cyber-attack. Ultimately they threaten an organisation’s ability to operate, which is why cyber needs to be championed from the top. Yet cyber is still frequently considered to be an issue for the IT department.
DS Symon Kendall of Tarian Regional Cyber Crime Unit explains that, “this is generally due to the term cyber being associated with a need for technical knowledge. Yet the input from an IT department or service provider is just one aspect of cyber resilience and organisations are putting themselves at risk by reducing cyber to an IT problem.”
“It can help to think of cyber security as the technical element, and cyber resilience as the organisation continuity element. Both are vital, but the latter does not require innate technical knowledge.”
Unfortunately cyber-attacks and breaches are becoming inevitable; it is not a question of if, but when. And strong cyber resilience can enable an organisation to continue to operate during and after an attack. Management need to understand the risks posed, and to consult with departments across the organisation – including IT but also (if present) HR, Accounting, Public Relations, and more – in order to develop appropriate policies and plans which are the result of a collaborative effort.
“Not only will this help management to create an informed continuity plan,” continues Symon, “but it will also help to create a holistic approach to cyber resilience with all divisions and levels of the organisation now thinking about the role they need to play.”
Getting started with cyber resilience can seem daunting, but Tarian Regional Cyber Crime Unit can help. A multi-disciplinary team of Police Officers and Police Staff seconded from the three Welsh forces, the unit is tasked with investigating online criminality whilst also working with organisations across the region to enable them to better understand the cyber threat, and how they can work to protect themselves. Tarian’s services are fully funded and provided at no cost to the service user. The services range from presentations and mock phishing exercises for staff, through to cyber resilience exercising for organisation leaders, as well as a newly developed tool, Police CyberAlarm.
Police CyberAlarm is a fully funded tool which has been developed by the National Police Chiefs' Council to enable organisations to minimise their cyber vulnerabilities. It monitors the organisation’s internet traffic, detects suspected malicious activity and provides regular reports to the organisation and the police. This enables organisations to understand and minimise their vulnerabilities. It also helps police at local, regional and national levels to identify trends, react to emerging threats and identify, pursue and prosecute cyber criminals.
To find out more about how Tarian can help your organisation, contact: Tarian-RCCU@south-wales.police.uk or georgia.christensen@south-wales.police.uk