Introduction
Learn more about cyber resilience and how RESILIA certification can help you develop an exciting career in cyber resilience.
In an age where we spend lots of time in cyberspace, we’re more exposed to cyber threats than anyone could imagine. Hence, it’s in every person’s interest to be cyber aware online and take steps to keep themselves and their organisations free from cyber harm.
Playing catchup
Preventing malicious cyber attacks isn’t enough nowadays, especially for large corporations and companies. Cyber security is always one step behind cybercriminals. That’s because as hackers find new security holes to exploit, software and IT hardware companies rush to bring out fixes to patch the hole. Cyber security organisations are therefore always playing catchup.
Expect to suffer a cyber breach
It’s not a question of if an organisation will suffer a cyber security breach, it’s a question of when. This means an organisation must assume it will suffer from a breach at some point and take steps to ensure incidents are detected promptly and the effects are corrected. It cannot rely entirely on defensive procedural and technical controls (cyber security) to prevent an incident [1].
Recovering from cyber attacks is vital
Organisations are concluding that protecting their assets and networks must be enforced on a much larger scale by not just preventing external cyber attacks, but also by detecting them in advance. That’s why cyber resilience is needed. Recovering business operations with as little damage as possible is vital in the aftermath of such cyber attacks.
History of cyber resilience
Cyber resilience started in 1990 when the internet was born. Computers at that time had limited access to information on the web. When the need to access resources and the usage of electronic communication increased, security controls were enhanced to protect valuable personal and business information. Cyber security techniques weren’t enough for the dynamic and rapid changes of the digital age within large businesses, putting them at high risk with no backup plan. Therefore, cyber resilience came into existence to recover and adapt after any misfortunate cyber attacks.
Definition of cyber resilience
Cyber resilience is defined as the ability to prevent, detect and correct any impact that incidents have on the information required to do business [2]. Cyber resilience differs to cyber security as, in addition to preventing cyberattacks, cyber resilience detects them and corrects the damage.
Why is cyber resilience important?
Cyber resilience is extremely important because it helps organisations take the necessary measures to address risks, ensuring they can continue delivering their business objectives and outcomes in total confidence, and build trust in business relationships with internal and external customers.
WannaCry
We all heard of the May 2017 WannaCry cyberattack that affected the NHS in the UK. WannaCry was malicious software that exploited a vulnerability in a Windows PC which hadn’t been updated for a long time. It blocked access to NHS staffs’ computers and asked for money to release it. It may have slipped into the NHS’s network by files normally sent via email.
WannaCry had a negative impact on the NHS, as staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems including telephones. Some hospitals and doctors’ surgeries in England were forced to turn away patients and cancel appointments[3].
The NHS had to act fast to recover from the damage that this incident caused. This required it to update its current software and applications and put in place a prevention strategy.
The example of WannaCry shows that the theft of customer and employee data, corporate strategies and financial records can not only cost organisations a fortune but can have serious consequences for their customers too. Consequently, preparing to deal with such threats is crucial and dealing with the consequences is a hefty task.
Ensuring cyber resilience
Corporate risk management, in addition to merging cyber security and business continuity management, is a framework that some organisations use to carry out cyber resilience.
Tasks, procedures and tools can help this framework to succeed, include:
- Scope Statements
- Gap Analyses
- Risk Assessment Tools
- Information Security Continuity Plans
- Internal Audit Procedures
- Business Continuity Policy, Objectives and Planning Procedures
- Business Impact Analysis Procedures
- ISO standards like ISO 27001 and ISO 22301
Some organisations integrate cyber resilience into a management system based on ITIL and this has been proven to be effective[4]. If organisations choose to base their cyber resilience management system on ITIL, they’ll often use the same lifecycle stages of ITIL – strategy, design, transition, operation and continual improvement.
Cyber resilience responsibility
The departments responsible for cyber resilience typically stretch beyond the IT department, as human resources, project management and leadership & management teams are often involved. At the same time, it is always the individual’s responsibility to be cyber alert while using their personal or work devices.
Secondly, it’s the organisation’s responsibility to educate its staff about cyber resilience with up-to-date learning programmes such as induction training, cyber security awareness courses and monthly meetings.
Finally, board members and upper management have a pivotal role in applying an efficient and practical cyber resilience strategy that protects the organisation’s assets, outcomes and interests.
Cyber resilience careers
Cyber resilience professionals are in-demand within the finance, publishing, banking, retail, marketing and law sectors. Some of the common job titles found in cyber resilience are:
- Cyber Resilience Consultant
- Risk Manager
- Security Consultant
- Auditor
- Information Security Consultant
- IT Auditor
- PCI DSS Consultant
- Penetration Tester
- Senior Auditor
- Senior IT Auditor
- Senior Penetration Tester
- Senior Tester
- Tester
- Audit Manager
- Operations Manager
- Security Manager
- Senior Audit Manager
- Senior Manager
- Technology Risk Manager
- IT Security Auditor[5]
How RESILIA can help?
RESILIA can help an organisation to:
- Design and deliver cyber resilient strategies and services in line with business needs
- Integrate cyber resilience into existing systems and processes
- Establish a common language for cyber resilience across the organisation
- Minimize the damage from a security breach and enable speedy response and recovery[6].
On the other hand, RESILIA enables individuals to contribute to better cyber resilience, avoid social engineering pitfalls and help educate others about being cautious and alert online.
Landing a cyber resilience role
Getting into these roles usually requires cyber resilience experience and qualifications. Starting in a cyber security role can help you ascend to a more complex job in cyber resilience. Qualifications wise, academic degrees from universities/colleges and professional certifications will make your CV stand out from the crowd and boost your chances with employers.
There is a professional cyber resilience qualification called RESILIA®[6]. It is part of the same suite of AXELOS Management Best Practice products as PRINCE2®, ITIL® and MSP®.
RESILIA certification exists at two levels:
RESILIA Foundation
RESILIA Foundation helps students understand how decisions effect good/bad cyber resilience. Students also learn how to make good cyber resilience an efficient part of business and operational management.
RESILIA Practitioner
RESILIA Practitioner helps students understand what actual cyber resilience looks like in practice, and the risks that can easily harm cyber resilience. Students will also gain an understanding of how to get best balance of risk, cost, benefits and flexibility within an organisation.
Conclusion
Continued use of the internet and an increasing reliance on networks means cyberattacks will rise and never end. Having inadequate cyber resilience strategies and hoping that your organisation won’t be hit is courting disaster. The demand for cyber resilience professionals will continue to grow. In fact, there’s currently a huge gap in knowledgeable cyber resilience professionals, so now is the perfect time to start a cyber resilience career.
Inspired to start a career in cyber resilience? To help get you started study the RESILIA Foundation online course. Contact our team and ask for a demo!
List of references
[1] AXELOS (2015). Cyber Resilience Best Practices. Norwich: TSO (The Stationery Office). p7.
[2] AXELOS (2015). Cyber Resilience Best Practices. Norwich: TSO (The Stationery Office). p8.
[3] Chris Graham. (2017). NHS cyber attack: Everything you need to know about ‘biggest ransomware’ offensive in history. Available: https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/. Last accessed 04 Sep 2018.
[4] AXELOS (2015). Cyber Resilience Best Practices. Norwich: TSO (The Stationery Office). p49.
[5] Unknown. (2018). Cyber Resilience Jobs. Available: https://www.itjobswatch.co.uk/jobs/uk/cyber%20resilience.do#Skill-Set-Job-Titles. Last accessed 05 Sep 2018.
[6] John Tibble. (2018). Don’t WannaCry? Then don’t think Cyber is just for ‘Spooks’. Available: https://www.axelos.com/news/blogs/may-2018/dont-wanna-cry-dont-think-cyber-is-just-for-spooks. Last accessed 05 Sep 2018.