The concept of businesses being cyber resilient has recently come into focus and is a significant question for many companies today due to the growing complexity of threats and vulnerabilities they face. In my previous article for CSO, "What should a cyber-resilient business look like?" I theorized that a good visual cue to demonstrate to organizations how they could be resilient is: Cyber Hygiene Controls + NIST Resiliency Techniques = Objectives = Business value through resilient operations.
To summarize, for a business to meet the objective of resilient activities it needs to incorporate a security and risk management program, implement security controls to manage its risk exposure, and continually monitor for changes in risk over time. With that information in mind, this article offers small- and medium-sized businesses (SMBs) five simple steps for becoming cyber resilient.
One of the most fundamental concepts CISOs follow is visibility. If the CISO and security team don’t know an asset or service exists, how can they understand its potential risk? It's this context that led me to write about cybersecurity as a lifecycle, a process of continuous interlinked operations. The first step in the cybersecurity lifecycle was “inventory,” which I believe applies to our current discussion on cyber resiliency.
For an SMB to begin its effort to become cyber resilient, it needs to have visibility; it needs to have an understanding of what’s essential to the business and what resources are required to protect its business operations.
To read more and to see all 5 steps, head over to CSO Online.