The changing demands of the business landscape and the increasing diversity of cybersecurity threats mean that resilience is more important than ever. In this context, resilience refers to the ability of an organisation to anticipate and adapt to the kind of changes and challenges that can destabilise people, organisations and communities.
“Planning for both the expected and the unexpected helps to make businesses more agile and resilient”
Whether in response to short-term events like natural disasters or the daily pressures faced by businesses, resilience enables organisations to make informed decisions and take the appropriate action to protect themselves. As well as ensuring as little disruption as possible to daily business operations, resilience is closely linked to an organisation's reputation.
One organisation that recognises the importance of resilience is the appropriately named Resilience First*. A spin-off from the non-profit organisation London First*, Resilience First is an initiative that aims to boost urban resilience for business communities in the UK and beyond. In recent years, businesses have had to refocus their resilience efforts as a result of a number of major security incidents. Resilience First aims to enable local business communities to respond positively to both recurring and unexpected challenges. The idea is to nurture a bottom-up approach that creates a solid base of local resilience for national strategies to build on.
At a recent Resilience First event, business leaders from member organisations, including Intel, HSBC* and BP*, gathered to share intelligence on their resilience strategies. Several key areas emerged as important factors in resilience planning, such as the shift away from a top-down approach. Previously, the onus was on Chief Security Officers (CSOs) to ensure company-wide resilience, but now all employees have an important role to play. When an unexpected event occurs, it's important that all teams know what their roles are instantly, through continued exercise and response training.
Clear communications are also essential when it comes to developing resilience. Trust must be built within an organisation so that any problems can be escalated swiftly when necessary and dealt with in a calm, measured way. In the event of a major security incident, clear communications to customers and suppliers from a person of authority are vital.
For companies to remain resilient, they must regularly review their perception of risk and the information that it's based on. A vital part of this is creating processes that continually challenge assumptions in order to alter the way that risk is viewed. Businesses can combine this change of mindset with emerging technologies such as Artificial Intelligence (AI) to get a more dynamic view of risk in their organisation. Another essential step is action closure – there's no point listing action points related to risk unless they're actually completed.
There is a wide variety of unforeseen circumstances that can that can have a dramatic impact on organisations of all sizes, from power blackouts to terrorist attacks. What's more, the evolving business environment can affect resilience in terms of new regulations and compliance, but this isn't necessarily a bad thing. "GDPR has changed the culture associated with security and privacy," said Richard Curran, Chief Security Officer, Global Cloud, Enterprise & Government Group Sales at Intel.
As a result of GDPR, businesses are having to ensure that their data are safely stored in a uniform manner so that they can access it easily. The dramatic growth in data, whether that's at the edge in or in the cloud, is a major challenge when it comes to resilience. But regulations like GDPR give businesses an extra incentive to focus on their data management.
As part of their resilience strategy, businesses need to look at how they can effectively manage and use the ever-expanding amount of data in future. How to make products, networks and tools to enable businesses to take advantage of this vast amount of data is part of the overall resilience challenge. "Industries need to think about the impact it's going to have on their businesses — it's already happening", said Curran.
With manufacturing sites all over the world, Intel has a strong focus on resilience and has refined its approach in recent years to adapt to changing industry conditions. One area of particular focus is skills. It's no secret that there is a worldwide skills shortage in the security sphere. The problem is partly driven by the fact that the security skills needed now are very different to those that were needed a decade ago.
As well as retraining existing workers, it's important to identify a new type of employee who possesses the essential forensic skills that can help businesses to pinpoint and combat the methodologies used by cyber hackers. "Reputation is fundamental, not only from a customer base but also internally, in terms of attracting the right people and ensuring that we provide opportunities for everyone," said Curran.
In order to prepare for the increasingly inevitable risk of cybersecurity threats, as well as less predictable events, resilience should be a key part of any digital strategy in the digital era. Planning for both the expected and the unexpected helps to make businesses more agile and resilient.
*Other names and brands may be claimed as the property of others