Establishing the basics of cyber resilience
April 1, 2020
Companies worldwide are now realizing that cyber resilience is not just a “good to have”, but a necessity.
It’s no longer a question of if, but when, risks will emerge and vulnerabilities will be exploited by threats to information assets such as data, systems and infrastructure.
And while organizations lean towards innovative ways of establishing their cyber resilience capability, those who pose threats are becoming increasingly creative too. For example, fraudsters previously obtained information via messaging applications or text messages, but now they’re gathering intelligence through masking techniques (a relatively recent development in FinTech: pretending to be your colleague or the company), making it hard for customers to tell what is legitimate. Therefore, improving one’s Security Operations Centre capability to protect against, detect and respond to these incidents is important.
This constant change in cyber threats is why certifying in RESILIA® Foundation can be an advantage for cyber resilience practitioners. It enables them to strengthen the fundamentals of cyber resilience and so guards against complacency, which can set in with the years of experience they bring to their respective organizations.
Integrating security with business mission
In our organization, we have built our cyber resilience framework aligned with our business mission: providing secure, accessible and convenient FinTech solutions.
We put an emphasis on security to provide stakeholders with a reasonable assurance that our products and services are safe to use. Moreover, as a FinTech company, we use the Know-Your-Customer (KYC) process when asking for personal and sensitive information. Therefore, it is imperative that information confidentiality is not breached, data integrity is not compromised and availability of our products and services is not disrupted for a long period.
So, our framework for cyber resilience overall aims to protect our resources, i.e. workplace, equipment, technology, human resources and third parties. And it enables our employees to recognize their role in protecting both customer data and their own personal information. We support this framework by adopting best practices, deploying appropriate technological solutions and by adhering to international standards.
RESILIA Foundation – essential cyber resilience skills
Having just certified in RESILIA Foundation, I can see how it helps practitioners recognize the different elements within the cyber resilience ecosystem. This includes but is not limited to information security, business continuity, ICT continuity, risk management, supply chain resilience and other elements. How we integrate these is what defines the maturity of an organization’s cyber resilience capability.
For example, the information security (IS) team can leverage the business continuity team’s business impact analysis to better understand functions across the organization. Meanwhile, the BCM team can benefit from the IS team’s asset registry to evaluate critical assets/requirements during its risk assessment process. This relationship among teams enables the business to become more effective and efficient in achieving its goals. And, with RESILIA, a common language is available to communicate across departments.
Having the certification means investing in skills, education and training which gain trust and confidence from colleagues. It is undeniably a step in achieving a professional level of competency in the industry. What is also crucial to recognize is the reputation of this best practice certification.
RESILIA is definitely a “must-share” and will form part of our continuous improvement mechanism and awareness programme (i.e. cybersecurity week, information security roadshows, refresher courses/training) to enable further growth and progress.