Gregor Jeffery is the Enterprise Marketing Manager at Mimecast Australia. With over 15 years of experience working with corporate organisations (Cyber Security, Employee Incentives) and start-ups (Ecommerce, Ad-tech, Cloud), Gregor now helps to drive cyber resilience messaging strategies with companies across Australia and New Zealand. Outside of Mimecast, Gregor enjoys surfing, stand up paddle-boarding, music production and walking his dog Nico.
Cybersecurity vs. cyber resilience: why you need both
For digital companies, any length of downtime can translate into a big loss of productivity, which is why cyber resilience is becoming so important.
The fun part of cybersecurity (or infuriating part, depending on your perspective) is that it’s constantly changing. It’s a never-ending cat-and-mouse game between cyber attackers and cybersecurity experts, each trying to outsmart the other.
Since technology is so dynamic and humans are so innovative, creating a perfect defence against cyber attacks is basically impossible. There will always be new technologies, new tactics, new attacks and new vulnerabilities to contend with, which means things will inevitably go wrong.
Cybersecurity architects realise this, which is why the industry is undergoing a shift in the way we think about digital security. Instead of just chasing after the impossible dream of an impenetrable defence, experts are also exploring a different perspective: cyber resilience.
Cyber resilience accepts that things will go wrong. Attacks will happen; accidents, failures and human errors will occur. The goal is for a system to bounce back from such a disruption as quickly as possible and to minimise its impact.
While there are various definitions of the term ‘cyber resilience’, here’s how the Australian Securities & Investments Commission sees it:
“Cyber resilience is the ability to prepare for, respond to and recover from a cyber attack. Resilience is more than just preventing or responding to an attack—it also takes into account the ability to operate during, and to adapt and recover, from such an event.”
Cybersecurity vs cyber resilience
Cybersecurity encompasses the technologies, processes and strategies that are designed to protect systems, networks and data from being compromised. In other words, its goal is to safeguard your data and systems from attack.
Cyber resilience accepts that attacks and disruptions are inevitable. Therefore, it aims to ensure business continuity by increasing your company’s tolerance to disruptions. This includes minimising their impact, keeping critical operations running as close to normal as possible, and swiftly recovering from an incident.
Cybersecurity and cyber resilience complement each other, and companies with mission-critical data and processes need to factor both into their security strategy.
Accomplishing this requires a cultural shift. Businesses need to understand that information security is not just a one-off IT project, but an ongoing role that needs to be integrated into day-to-day operations to be effective.
It can be a difficult transition; any changes to the way business is traditionally done always face a bit of resistance. But we are now all living and working in a world that comes with non-traditional cyber risks, and we need to rethink the way we approach information security in our ever-evolving digital landscape.