True organisational resilience is defined as much by security posture as by the organisation’s ability to adapt and pivot to the unexpected and unplanned, explains Padma Naidoo, Senior Security Consulting Manager at Dimension Data.
Business resilience defines an organisation’s ability to go beyond just business continuity, enabling it to build foundations that are agile, flexible and adaptable, and to create systems and processes that allow for resilience in decision making and improvements in business capabilities during times of turbulence. It’s the seatbelt that keeps the C-Suite in place as the organisation navigates uncertainties and complexities in mercurial markets and complicated times. Properly managed and approached, resilience can deliver benefits that include stakeholder confidence, enhanced digital transformation and capabilities, and the measurable achievement of strategic business objectives.
Taking the organisation down the business resilience road requires an intelligent approach that recognises the value of technology, stakeholder buy-in, C-Suite engagement, and digital transformation. True organisational resilience ensures organisations are well equipped to navigate the problems and uncertainties that define modern business. Here are five secrets to achieving resilience today.
01: Differentiate between resilience and continuity
Business continuity refers to the policies, processes, and planning that enable the organisation to recover acceptable delivery of its products and services after an unplanned event, such as a security breach, physical event or sudden market risk.
Business resilience encompasses business continuity but expands beyond it, providing several proactive benefits to the organisation. It’s defined by BS 65000 as the organisation’s ability to ‘anticipate, prepare for, respond, and adapt to incremental change and sudden disruptions in order to survive and prosper’.
Successful business resilience lies in rethinking ways of working and in building new pathways to engagement with partners, customers, employees and supply chains. It has to be driven from the board level, owned by executive management, and recognised as an essential, not an optional extra.
02: Embrace a flexible working environment
Organisations with multi-cloud environments achieve significant and measurable business benefits from agility, efficiency and scalability, and the recent trend is an accelerated cloud / digital transformation strategy. It is imperative that these environments are secure and that data privacy and protection are woven into the very fabric of the organisation. This is particularly relevant today as data privacy and protection are mandated by legislation across more than 80% of the world, and data is one of the most critical assets of an organisation.
By completely rethinking your IT security to accommodate new ways of working today, and in the future, the organisation is capable of adapting to the continued impact of the pandemic and has the flexibility required to manage security, data, system and compliance intelligently.
03: Underpin resilience with security
Many organisations lack visibility into their cloud applications and systems, which leaves them vulnerable to attack and at risk of non-compliance. Resilience involves comprehensively unpacking the threat landscape and the business’s position to measure risks and vulnerabilities accurately, then using this information to inform security practices and ensure that a flexible working environment remains an asset, not a liability, and that the organisation is capable of fully realising its cloud investment. This is an iterative process, as the threat landscape is constantly evolving.
According to the NTT Ltd. 2021 Global Threat Intelligence Report (GTIR), the organisation has to stay ahead to achieve resilience in both the cyber and business realms. Privacy and protection are increasingly essential, and remote work attracts more web attacks (32%) and application attacks (35%). This puts the business under immense pressure to refine and redefine its security posture to ensure it has the right tools and systems in place to remain resilient in any circumstances.
04: Secure by design
Security is more than a system, a set of controls, a toolkit and training. It has to be a living process and state that evolves alongside the business, constantly moving through the chain of assessment, prioritisation, adaptation and implementation. The concept of ‘Secure by design’ allows for security to be effectively integrated into the organisation. It prioritises people and process while allowing for the business to consistently adopt and manage best practice cybersecurity frameworks and standards to ensure that it remains a key strategic component of the business.
This approach moves security further away from the must do, must comply, must remain compliant mandate, and closer towards security as a business benefit and an essential pillar in defining business resilience. It ensures that all parts of infrastructure, applications, interfaces and processes are secure so the business can drive value and transformation.
05: Don’t eat the whole elephant
Resilience encompasses every part of the organisation. In an IT context, it extends from flexible working enablement, to cloud investment, to secure by design, to recovery and on to the effective use of available data to better inform business decisions and processes. It can be overwhelming, and unnecessary, for the organisation to leap into resilience as an all-or-nothing approach. Resilience doesn’t need to include every corner and crevice of the business; it just needs to be clearly defined by objectives that ensure a structured approach that meets business needs. And these objectives need to be as resilient as the process itself, adapting to changes in the organisation’s micro and macro environments, its risk appetite and more.
A business resilience process that recognises the impact of the pandemic, the need for flexible working, the rise in cybercrime threat actors and vectors, and the new normal of privacy and protection, is one that can adapt to the challenges that lie ahead, and the challenges that are here, right now.