In today’s rapidly evolving threat landscape, the importance of cultivating a culture of cyber resilience cannot be overstated.
Fortinet chief information security officer (CISO) Cornelius Mare said the convergence of cybercrime with advanced persistent threat methods has led to an increase in sophisticated and targeted attacks, making it imperative for organisations to adopt a proactive approach to cyber security.
“Cyber resilience is about building a resilient, secure, and adaptable business prepared for and capable of responding to threats. This involves developing and implementing a robust security posture that anticipates and mitigates threats and prepares organisations to quickly recover from any disruptions that may occur,” he said.
“The goal is to minimise the impact of a security breach and ensure business continuity, protecting the company’s reputation, financial stability, and customer trust.”
To create an effective cyber resilience strategy, Mare said businesses would need to focus on proactively managing and protecting sensitive information and assets from potential cyber threats.
This involves implementing technical measures, such as anti-malware protection, identity access management, and multifactor authentication, as well as establishing processes for securing and monitoring access to sensitive information.
Companies will also need to reduce the attack surface and conduct a thorough risk assessment to identify and detect cyber threats and vulnerabilities that could impact systems, applications, and data. This includes monitoring for malicious activity and implementing threat detection tools, such as endpoint detection and response (EDR), intrusion detection and prevention systems (IDS/IPS), and security information and event management (SIEM).
“Assuming a breach will occur and having a well-planned and tested response and recovery plan ready for deployment is essential,” Mare said.
“The core focus of any response and recovery plan is the technical aspects of understanding the scope of a breach, securing and restoring systems, strengthening IT security, and complying with regulatory requirements.”
Companies can also take steps to review governance and to ensure the success of a cyber resilience strategy, with oversight from senior staff and directors. This includes having a comprehensive risk management program that aligns with the organisation’s overall goals and is validated by the business’s senior leadership.
Having a top-down approach to governance and assurance can help ensure that the organisation is taking a comprehensive and effective approach to protect itself from cyber threats, according to Mare.
Achieving cyber resilience is a long-term and ongoing process as the threat landscape constantly evolves and new vulnerabilities emerge. Businesses can, however, improve their cyber security posture and work towards achieving cyber resilience by implementing the following strategies:
Organisations can build a proactive culture that implements comprehensive and ongoing cyber security awareness programs to educate employees and empower them to identify and respond to threats. This can include regular tabletop exercises, simulated cyber attack scenarios, and organisation-wide security education initiatives.
“No business is completely immune to cyber attacks. The growing sophistication and diversity of cyber threats require a collective effort from all levels of the company, not just the IT department,” Mare said.
“By creating a culture of cyber resilience, everyone from top-level executives to frontline employees is held accountable for practising best cyber security behaviours and following protocols. This proactive and inclusive approach can significantly reduce the risk of cyber attacks and improve the overall security posture of the organisation.”