ao link
Business Reporter
Business Reporter
Business Reporter
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
Upcoming Episodes
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs
Search Business Report
My Account
Remember Login
Register|Reset Password
My Account
Remember Login
Register|Reset Password
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
Upcoming Episodes
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs

The Expert View: Integrating cyber resilience

Technology
Sponsored by Databarracks

Resilience is vital for modern businesses, particularly in a world where changing technology produces a host of new risks. Solutions must be carefully integrated and tested in training exercises, delegates heard at a recent Business Reporter breakfast briefing.

Linked InTwitterFacebook

“Cyber-risk is the driving factor in resilience today,” said Chris Butler, Resilience Director at Databarracks, opening a Business Reporter Breakfast Briefing at the Goring Hotel in London. He told attendees - all senior resilience experts from a range of sectors - that an integrated approach is the only way to deal with this problem. Every aspect of the business has to be resilient, and the different capabilities tied together.

 

This is a challenge, said those at the briefing, as changing technology changes threats. One participant said artificial intelligence (AI) could now be used to optimise attacks, such as by writing better phishing emails, or even to carry them out. In some cases, there is a risk of attacks against AI, for example, with attackers poisoning the target’s AI training data.

 

However, others were relaxed about the threat from AI, suggesting that it is simply a new way of carrying out the same attacks as before. If organisations are prepared for those attacks, then they will have gone some way towards protecting themselves against emerging threats. The priority is to get the fundamentals right.

 

Supply chain resilience

 

Even so, one area which raised concern for all was supply chain risk. An executive from a large financial services company said that major firms were facing fewer direct attacks today, with attackers instead targeting their suppliers and gaining access that way. An integrated resilience plan, therefore, must consider supplier vulnerabilities - but this can be difficult.

 

Attendees said they typically categorise suppliers based on the level of risk they represent. A third-party handling a business-critical process would therefore have a higher category than one that handles something trivial. But this often involves unwieldy questionnaires that everyone finds frustrating. Those at the briefing had experience of both sending and receiving questionnaires and all expressed hope for a better system, for example using a company’s existing certifications in lieu of certain questions.

 

There is a power balance at play here too, with smaller companies likely to have no choice but to comply with questionnaires or risk losing business. Major firms, in contrast, are often secure enough in their position that they can refuse to provide any information at all.

 

Protecting the Crown Jewels

 

Within the business, participants agreed that an important first step in building integrated resilience is a business impact analysis (BIA) to determine what really matters. If a company suffers an attack or outage and not everything can be brought back at once, what should be brought back first? What is the most important service, what technology enables it and what data does it depend on?

 

Those questions help identify the ‘Crown Jewels’ and the priority is to then put them in an environment you know you will have access to, whatever happens. A properly air-gapped backup is one tool here, said Mr Butler. Databarracks recommends a backup that is not just offsite, but also running on different systems and managed by different people.

 

Several of those at the briefing said that any backup strategy needs to have multiple elements. The amount of data most companies rely on is far more than they can realistically backup - at least not regularly. That’s why identifying the ‘Crown Jewels’ and ensuring those are protected is so important, then it’s a matter of having parallel systems, regular data snapshots, and other measures to fill in the gaps.

 

Incident training


Running through the conversation was an awareness that a truly integrated resilience plan needs to be driven by senior leadership. In some organisations, this can be difficult to achieve, though attendees noted that an incident provides a short window of opportunity for getting the board’s attention. The ideal is to reach a situation where the board is calling for greater resilience, but many organisations are stuck in the opposite position of trying to remind the board how important it is.

 

Nevertheless, regular training is essential, including tabletop exercises. These should include the board, senior staff, and their seconds-in-command. Other sessions, ideally, would be scheduled for other teams within the business, such as HR or marketing. The goal is to have a plan that people are familiar with.

 

When an incident occurs, leaders must be prepared to make tough decisions, often ones where all the options are unappealing. They also must ensure resources are available for recovery efforts and be prepared to remove barriers for the resilience team. Recovering from an incident can be a difficult and draining task, no matter how well prepared a company is. One thing that was clear from the briefing is that better preparation will make recovery significantly more likely.

To find out more, please visit: www.databarracks.com

Sponsored by Databarracks
cyber security
Linked InTwitterFacebook

Most Viewed

Business Reporter

23-29 Hendon Lane, London, N3 1RT

23-29 Hendon Lane, London, N3 1RT

020 8349 4363

Cookie Policy
Terms of Business
17 Global Goals
Campaign Schedule
Lead Generation Media Kit
Sustainability Report
Contact Us
Privacy Policy
Terms and Conditions
Breakfast Briefing Media Kit
Media Kit
BR Studio
Content Guide
Traffic Drivers
Case Study

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543

We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
Cookie Settings