This article has been repurposed from my presentation on “Managing cyber disruptions confidently with a paradigm shift in cyber culture” at the Cyber Security & Data Protection Summit in November 2020. The company, the characters and roles featured in the following videos are fictional.
- The Immediate Reaction
- The Inquest
- CEO, Lucinda Porter
- Former CIO, Gemma Jones
- CISO, Carl Hooper
- DR Manager, Jay Varma
- CMO, Laura Croft
- CRO, Uche Afumba
- IBM Cyber Incident Recovery
Cyber resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber-attack. Cyber resilience needs an end-to-end approach that brings together critical areas to ensure organisations continue to function during cyber-attacks and cyber outages.
Some of the cyber-attacks we saw in 2017, NotPetya and WannaCry in particular, caused widespread and devastating outages. NotPetya cost the globe $10bn, while WannaCry cost somewhere between $4bn and $8bn. It is not just that companies were taken down: one company specifically had 45,000 PCs and 4,000 servers deleted in seven minutes; two minutes later its phone system went down and the security gates in every single one of its buildings across the globe were shut.
You simply cannot react to that fast enough. Companies really struggle to survive attacks like this, so we need to make sure businesses can continue to function in the face of cyber-attacks.
What are the immediate reactions when a cyber-attack hits a business?
In the Ponemon Institute's Cost of Data Breach Study on operational risk in 2019, several business owners were asked to respond to the question: “Who has the overall responsibility for directing an organisation’s efforts to ensure a high level of cyber resilience?”
Below are the results:
23% Chief Information Officer
22% BU Leader
14% Chief Information Security Officer
11% No one person
9% Business Continuity Manager
7% Chief Risk Officer
7% Chief Executive Officer
6% Chief Technology Officer
Cybergeddon: The Inquest
Watch as each of the functions responds to questions about who is ultimately responsible for ensuring the organisation’s resilience to cyber-attacks.
Lucinda Porter - CEO, SMart
Gemma Jones - Former CIO, SMart
Carl Hooper - CISO, SMart
Jay Varma - Disaster Recovery Manager, SMart
Laura Croft - CMO, SMart
Uche Afumba - CRO, SMart
The approach and solution are not isolated to one area. Cyber resilience should be holistic: only by looking at the bigger picture and zooming in on each detail can you fully understand how a business needs to operate.
What happened to SMart could quite easily happen to any other organisation. Operational and organisational resilience is everyone’s responsibility, and it should be treated as such. To help organisations such as yours build cyber resilience capability, IBM has developed incident recovery software and services, demonstrated below:
Find out more from this demo
Felicity has spent her life immersed in technology and is passionate about ensuring companies build resilience right into the core of their strategy and architecture. She understands the importance of transformation into the digital world as well as the risks of not having services available. Felicity started her career as a hacker and has worked for technology giants for over 25 years. In that time she has worked with and advised companies, governments and standards bodies on emerging IT trends and on ensuring integrity and sustainability are baked into the heart of IT. Felicity has a wealth of expertise and experience from throughout her career, and her insights and perspective are refreshing. She is also an advocate of driving STEM skills into the younger generation and is an active mentor and coach to the next generation of technologists.