Cybersecurity Resilience Emerges as Top Priority for Businesses in 2023
According to Cisco’s Annual Security Outcomes Report, 62% of surveyed organizations said they had experienced a security event in the past two years that impacted business. Common types of incidents were network or data breaches (51.5%), system outages (51.1%), ransomware events (46.7%), and distributed denial of service attacks (46.4%).
These incidents had harsh consequences for the companies that went through them, as well as the other businesses they work with. The most common effects were IT and communication problems (62.6%), supply chain disruptions (43%), weakened internal operations (41.4%), and long-term damage to their reputation (39.7%).
The report’s findings reveal that security resilience is a top priority for 96% of surveyed executives. Furthermore, preventing incidents and mitigating losses are the main objectives for security leaders and their teams when it comes to security resilience.
What is security resilience?
Security resilience doesn’t always mean full recovery from an event or condition that has knocked you down. Instead, it means continuing to operate during an adverse situation, at either full or partial capacity, and mitigating the effects on stakeholders. Ideally, security resilience also means learning from the experience and emerging stronger.
Resilience requires the ability to manage change, which may be positive or negative. For example, a new partner acquisition is a positive change, while being the target of an attack is a negative one. The starting point for security teams is resilience planning. Use a risk-based approach and look at the threat, the vulnerability, the probability, and the impact. Continuity and recovery plans are built around these scenarios.
Six pillars of a resilient security strategy
- Leadership buy-in
- Recognize the problem areas
- Invest in your people
- Converge information security with operational technology
- Have a security-by-design mentality
- Implement multi-factor authentication (MFA) everywhere
A more robust security culture boosts resilience by as much as 46%. By “culture,” we don’t mean annual compliance-driven awareness training. Cybersecurity awareness is what you know; security culture is what you do. When organizations score better at explaining what they need to do in security and why, they make better decisions in line with their security values, and that leads to better overall security resilience.
It is loud and clear that an ounce of prevention is worth a pound of cure. Stepping your employees through new-school security awareness training and enabling them to report suspicious emails, which can then be responded to quickly, is a highly efficient way to test and improve your security culture.
Want to learn more about Yeo & Yeo Technology’s security awareness training solutions? Contact us today.