Identify, Protect, Detect, Respond and Recover
Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks.
It helps an organisation protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.
Cyber resilience has emerged over the past few years because traditional cyber security measures are no longer enough to protect organisations from the spate of persistent attacks.
To apply any cyber resilience framework, you need to know what you have to protect, something many businesses fail to grasp. It is critical that you identify all information assets and resources, classify them, develop meaningful policies that all members of staff can understand, and then apply the necessary controls and countermeasures. Only then can you monitor and defend those assets.
It is also imperative that you discover and identify all devices connecting to your network. Many breaches occur through poor network hygiene, insecure configuration and general apathy. Even printers and legacy devices such as fax machines can pose a significant risk.
According to the NCSC (National Cyber Security Centre UK):
Networks need to be protected against both internal and external threats. Organisations that fail to protect their networks appropriately could be subject to a number of risks, including:
- Exploitation of systems: Ineffective network design may allow an attacker to compromise systems that perform critical functions, affecting the organisation's ability to deliver essential services or resulting in severe loss of customer or user confidence.
- Compromise of information: A poor network architecture may allow an attacker to compromise sensitive information in a number of ways. They may be able to access systems hosting sensitive information directly or perhaps allow an attacker to intercept poorly protected information whilst in transit (such as between your end user devices and a cloud service).
- Import and export of malware: Failure to put in place appropriate security controls could lead to the import of malware and the potential to compromise business systems. Conversely, users could deliberately or accidentally release malware or other malicious content externally with associated reputational damage.
- Denial of service: Internet-facing networks may be vulnerable to Denial Of Service (DOS) attacks, where access to services and resources is denied to legitimate users or customers.
- Damage or defacement of corporate resources: Attackers that have successfully compromised the network may be able to further damage internal and externally facing systems and information (such as defacing your organisation's websites, or posting onto your social media accounts), harming the organisation’s reputation and customer confidence.
The Cyber Security Breaches Survey is an Official Statistic, measuring how UK organisations approach cyber security, and the impact of breaches.
31% of micro and small businesses identified breaches or attacks.
This is lower than in 2018 (when it was 42%).
Nonetheless, cyber attacks continue to cause problems for smaller businesses.
Among this 31%:
• 19% lost files or network access
• 10% had their website slowed or taken down
• 9% had software or systems corrupted or damaged.
More micro and small businesses say cyber security is a high priority now (78%, vs. 74% in 2018). But this is still lower than for medium (92%) and large firms (95%).
While attitudes have changed, micro and small firms could still do more to protect themselves:
More now have cyber security policies (32%, vs. 26% in 2018). But this is lower than medium (71%) and large firms (74%). Among those without policies or other forms of risk management, reasons include thinking they are too small (35%), not prioritising cyber security (21%) and not seeing it as a risk (19%).
77% believe the staff dealing with their cyber security have the necessary skills and knowledge. However, only 26% sent staff on cyber security training or conferences this year (vs. 19% in 2018).
While most (88%) have heard of the General Data Protection Regulation (GDPR), relatively few are aware of the implications. These include potential fines and the need to report personal data breaches to the Information Commissioner’s Office (ICO).
To find out more about how we can resolve your IT issues, please email or call us: +44 (0)1462 416400