CYBERSECURITY AND CYBER RESILIENCE ??? (AND WHY YOU NEED BOTH)- 1 DECEMBER 2020

RMcH states: in this article from forbes.com, it outlines the cyber threats – read about the DIGITAL TWIN – a great idea to assist you .

Cyber threats like hacking, phishing, ransomware, and distributed denial­of­service (DDoS) attacks have the potential to cause enormous problems for organizations.

Not only can companies suffer serious service disruption and reputational damage, but the loss of personal data can also result in huge fines from regulators. Cyberattacks are hitting the headlines with increasing frequency, the effects of which can be permanent and devastating.

Therefore, all companies need to invest in cybersecurity and cyber resilience.

 In a nutshell, cybersecurity describes a company's ability to protect against and avoid the increasing threat from cybercrime. Meanwhile, cyber resilience refers to a company's ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. Cyber resilience covers adversarial threats (such as hackers and other malicious actors), as well as non­adversarial threats (for example, simple human error).

One way of thinking about the difference is that cyber resilience involves accepting the fact that no cybersecurity solution is perfect or capable of protecting against every possible form of cyber threat. This is why every company needs both aspects.

The cybersecurity strategy is designed to minimize the risk of attacks getting through. But when they inevitably do, the cyber resilience strategy is there to minimize the impact. What does all this mean in practice?

Practical cybersecurity steps are perhaps more immediately obvious than those for cyber resilience, at the very least, cybersecurity involves ensuring:

All your devices are running the most up ­to­ date firmware  

That firewalls, VPNs, and antivirus/malware protection is running and up­ to­ date.

That all software and tools are fixed with the latest patches

That employees at all levels of the business are educated on the potential threats and how their actions help to defend the organization Cyber resilience steps will vary from business to business, but a good starting point is to work out where cyber events and incidents could have the most damaging effects on the business.

A DIGITAL TWIN

Drawing up a list of where your operations are reliant on technology, as well as where sensitive and valuable data is stored and used, will help you to gain an overall understanding of how continuity of service could be affected.

This is where the concept of a “digital twin” can play an important role in cyber resilience. A digital, simulated model of your organization or its processes can help you understand the impact on overall output and efficiency.

Having gained an understanding of how core functions could be affected, cyber resilience involves putting in place measures to mitigate the damage as best as possible in the event of an attack. For example, you might develop offline emergency processes to keep essential functions such as customer service, quality assurance, finance, and security running as well as possible until the breach can be fixed.

Technology brings incredible new opportunities and business advantages, but it also brings unprecedented new threats. Cybersecurity and resilience both require an investment in time, resources, and education, but that investment will be repaid many times over once you’ve withstood your first cyber­attack. Forbes.com