
We are often asked this: is there such a thing as a perfect cyber security plan? The simple answer is no, because the goal of cyber security is to build resilience for your company so that even if an attack takes place, your business continuity is ensured and you can get back on your feet.
In spite of everyone’s best intentions, breaches can happen over time, so the best thing to do is to make sure robust systems and procedures are in place to combat these risks. So how can you ensure that your company’s cyber security measures promote resilience?
At the core of building cyber resilience is ensuring that the business understands the impact of a potential cyber-attack and takes the steps required for the business to circumvent and recover from such an attack.
In essence, it means moving cyber security away from a purely technically focused discipline towards a business and risk management point of view. It means analysing areas of potential hazard and safeguarding them in the best ways possible.
To facilitate this, it is important to examine the different kinds of threats you may be exposed to. Here are a few commonly encountered ones:
- Insider attacks
- Distributed Denial of Service attacks (DDoS)
- Intellectual property/confidential data theft
- Password attacks
- Phishing
- Unauthorized network access by outsiders/employees
- Virus or malicious software infection
- Advanced Persistent Threats (APTs)
To bring down the margin of human error, it’s important to keep all personnel up to date with information pertaining to all these attacks. Besides education, there are several steps that NEED to be taken to ensure resilience.
One of the primary action items on this list is simply ensuring that all systems are updated. Out-of-date technology is prone to attack, so applying patches, making sure that bugs are fixed and confirming that the updates have completed is step one towards building higher resilience.
The second golden rule is backing up data diligently. In the event of a cyber attack, being able to retrieve precious data could very well make or break your business. Putting processes in place to ensure this is imperative.
Operational monitoring is the next effort that can help ensure defence mechanisms are in place to combat a cyber attack. Tools to detect malicious activity and respond to it must be in place. If this means reorganising technical infrastructure to limit access, or having more secure processes in place, then so be it. Having a Chief Information Security Officer (CISO) is important to maintain these kinds of processes and controls within organisations.
Protecting the gateway can also mitigate information leaks and facilitate more effective management of cyber security. It is through this weak spot that most viruses can easily enter the system undetected and wreak havoc. Hence, to protect the gateway layer and suppress cyber threats at this level, you should maintain an up-to-date security appliance with gateway anti-virus and carry out web content filtering.
Business-critical transactions should also be safeguarded with extra layers of cyber security. A breach of this data could seriously damage the traction of your entire business, so maintaining sensitive data securely is imperative.
While these are some of the measures that organisations can carry out to ensure higher resilience to cyber crime, resilience is an ongoing process that requires a dedicated approach to cyber security. Putting plans and processes into place and maintaining them can be a constant challenge. Educating employees, for instance, is an ongoing process that will need to be carried out at regular intervals.
There are a few investments that companies will definitely have to make to ensure information security. These include encryption software, data backup solutions, password security software, firewalls and, of course, the always popular anti-virus.
We all tend to build walls around ourselves and property that is precious to us. But history has proved that having walls may not ensure the safety of yourself or your property. So keeping a few plans in place in case this protection is breached is the only way we can deal with that loss.
It’s the same with cybersecurity. Building cyber resilience is the insurance plan against a potential cyber attack. You will still face breaches, but you may be able to salvage your business if you are cyber resilient.

