Do you understand resilience, and how pairing resilience with cyber security can be your best ally in the constant battle against cyberattacks? You’ll find a quick summary at the start to save you time and cut to the key points you need to know. The rest of this blog gives you the detail so you understand why it matters, and helps you gain the knowledge you need.
- Everyone is at risk, including not-for-profits and charities.
- A cyberattack is inevitable.
- Cyber resilience is key to your survival and recovery from a cyberattack.
- Preparation and prevention are your best allies.
Resilience
The dictionary tells us it is the ability of a system or organisation to respond to, or recover readily from, a crisis or disruptive event.
Cyber Resilience
Your ability to prevent, respond to and recover from a cyberattack.
Preparation and prevention are your best allies in this battle.
Prevention
“Prevention is better than cure” is a saying that applies in many situations, and cyber security is no different.
There is an overwhelming amount of information available, which makes decision making more difficult and confusing. We are striving to simplify cyber security, making it affordable, attainable and available to all.
Among the best forms of prevention are certifications, which provide assurance to you and your clients that you have taken steps to reduce risk, demonstrate compliance and protect data and information.
Let’s talk more about certifications.
The most well-known is the Cyber Essentials certification, which focuses on assessing your technical controls to ensure they are in place to protect you from the vast majority of common cyberattacks.
Cyber Essentials Plus is a higher-level certification that gives the added reassurance of an independent assessment.
Newer to the world of cyber security is the IASME Cyber Assurance certification, developed through government funding to create a cyber security standard. This standard allows small companies to demonstrate their cyber security as an alternative to the international standard, ISO 27001.
IASME Cyber Assurance Level 2 gives the added reassurance of an independent assessment.
These certifications:
- Protect you from the most common cyber threats
- Provide you with assurance that you have adopted industry best practices and protocols
- Reduce your risk of cybercrime
- Demonstrate to the outside world that you take information and cyber security controls seriously
- Provide assurance that you are compliant with all legislation, regulations and best practices for securing your data and information
- Significantly reduce your exposure to external and internal attack
Preparation
“By failing to prepare, you are preparing to fail” (Benjamin Franklin, Founding Father of the United States).
Just as you wouldn’t wait for a fire alarm to sound before working out your emergency plan, you shouldn’t wait for a cyberattack before considering how you will respond to it.
The key areas of preparation are:
- Risk Management
- Business Continuity
- Disaster Recovery
Risk Management: a process that enables you to understand risk and act against it, minimising threats and maximising opportunities.
Many different risk frameworks are used across the world, but most share the same common elements:
- Identify the risk.
- Assess business harm, impact and probability.
- Calculate overall risk exposure.
- Prioritise and treat the risk.
- Monitor the risk.
Business Continuity Planning (BCP) is about having a plan to deal with difficult situations, so your organisation can continue to function with as little disruption as possible. The plan needs to account for people, locations and processes, ordered by criticality. The process is designed to identify your critical employees, your critical time periods and your dependency on your offices.
Disaster Recovery (DR) is a plan designed to recover IT systems and infrastructure after a disaster. A DR plan involves identifying the crucial IT systems and networks, categorising their RTO, and documenting the activities required to resume, rebuild and recover those systems and networks. DR is part of the overall BCP.
Recovery Point Objective (RPO) is the tolerable amount of data the organisation is prepared to lose.
Recovery Time Objective (RTO) is the amount of time allowed to recover the critical systems and applications.
DR Assessment:
The industry standard for assessing IT systems and applications is known globally as the CIA Triad. It is made up of three key concepts: Confidentiality, Integrity and Availability.
- Confidentiality (Access Control): ensuring that information is accessible only to those authorised to have access.
- Integrity (Accuracy): safeguarding the accuracy and completeness of the information.
- Availability (Accessible): ensuring that authorised users have access to information and associated systems when required.
Using a three-point scoring matrix (High, Medium, Low), each application is assessed separately against each concept and then ranked against the others.
Combined, BCP will allow you to keep the organisation operating should the worst happen, while DR will lead the recovery of IT systems and infrastructure.
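The risk-management steps above (assess impact and probability, calculate exposure, prioritise) and the CIA scoring matrix for DR are both "score and rank" procedures, so a single worked example covers both. The code below is an added illustration and is not part of the original post or any Net Defence tool; it assumes a numeric mapping of High/Medium/Low to 3/2/1, calculates risk exposure as impact multiplied by probability, sums the three CIA ratings to rank applications, and uses constructed sample data (a small charity's applications and risks) that is not taken from the post.

```python
"""Worked example: a simple risk register and a CIA-based DR ranking.

Added illustration, not code from the original post. Assumptions:
- High / Medium / Low map to 3 / 2 / 1 (the post gives no numeric scale).
- Risk exposure = impact x probability (one common method among several).
- An application's CIA score is the sum of its three ratings; ties are
  broken by the shorter RTO, then by name.
"""
from dataclasses import dataclass

SCALE = {"High": 3, "Medium": 2, "Low": 1}  # assumed numeric mapping


@dataclass(frozen=True)
class Risk:
    name: str
    impact: str        # business harm if the risk materialises
    probability: str   # likelihood of it happening


def risk_exposure(impact: str, probability: str) -> int:
    """Step 3 of the process: overall exposure from impact and probability."""
    return SCALE[impact] * SCALE[probability]


def prioritise_risks(risks):
    """Step 4: (name, exposure) pairs, highest exposure first, then by name."""
    scored = [(r.name, risk_exposure(r.impact, r.probability)) for r in risks]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


@dataclass(frozen=True)
class Application:
    name: str
    confidentiality: str
    integrity: str
    availability: str
    rto_hours: int   # Recovery Time Objective
    rpo_hours: int   # Recovery Point Objective, expressed as hours of data


def cia_score(app: Application) -> int:
    """Assess one application on the three-point matrix and total the result."""
    return (SCALE[app.confidentiality]
            + SCALE[app.integrity]
            + SCALE[app.availability])


def rank_applications(apps):
    """Rank applications against each other: highest CIA score first,
    then the shortest RTO, then name for a stable order."""
    return sorted(apps, key=lambda a: (-cia_score(a), a.rto_hours, a.name))


def recovery_order(apps):
    """Names in the order DR should restore them."""
    return [a.name for a in rank_applications(apps)]


def rpo_rto_check(app: Application, backup_interval_hours: int, restore_hours: int):
    """Does the current backup schedule and measured restore time meet the
    application's RPO and RTO? A failed check is a gap to fix before a disaster."""
    return {
        "rpo_met": backup_interval_hours <= app.rpo_hours,
        "rto_met": restore_hours <= app.rto_hours,
    }


# Constructed sample data (not from the post)
SAMPLE_RISKS = [
    Risk("Phishing leading to credential theft", "High", "High"),
    Risk("Office flood", "High", "Low"),
    Risk("Laptop left on a train", "Medium", "Medium"),
]
SAMPLE_APPS = [
    Application("Email", "Medium", "Medium", "High", rto_hours=4, rpo_hours=1),
    Application("Donor database", "High", "High", "Medium", rto_hours=24, rpo_hours=24),
    Application("Intranet wiki", "Low", "Low", "Low", rto_hours=72, rpo_hours=168),
    Application("Payroll", "High", "High", "Medium", rto_hours=8, rpo_hours=24),
]

if __name__ == "__main__":
    print("Risk register, highest exposure first:")
    for name, exposure in prioritise_risks(SAMPLE_RISKS):
        print(f"  {exposure:>2}  {name}")
    print("DR recovery order:", recovery_order(SAMPLE_APPS))
    # Email backed up every 2 hours and restored in 6 hours misses both objectives
    print("Email objectives met:", rpo_rto_check(SAMPLE_APPS[0], 2, 6))
```

The RPO/RTO check is the part worth running regularly: a ranking only tells you what to restore first, while comparing each application's objectives against the real backup interval and a tested restore time tells you whether the DR plan can actually deliver on them.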
We hope you have found this guide useful. It is part of a series which can be found on our website at www.net-defence.com.
Our team can be reached on 03300 0241666 or contact@net-defence.co.uk should you have questions or want to better understand what your business needs.