Over the last year alone, cyber-attacks have increased significantly, with some industry reports stating that these rose by over 60% worldwide. As we move into 2022, the increase in the number of such attacks is likely to continue, especially as we shift to a permanent hybrid working environment where security is unlikely to mirror in-office protocols.

“Today, we face more risk than ever before; we work from more devices, networks, multiple platforms and can work remotely anywhere,” says Esther Bellingham, associate director at Protiviti. “Malware, phishing ransomware attacks and other fraud pose a genuine risk. The attacks are also becoming progressively more sophisticated, requiring us to think about security in a different, more comprehensive way. But businesses are struggling to adapt.

“Businesses must now take a cyber resilience approach to security and should look to achieve better alignment of security with business objectives, enabling everybody to understand the risk during the organisation’s self-improvement processes and its adjustments to new cyber threats.” Organisations should take the following actions, adds Bellingham:
Anticipate: one of the first steps to cyber resilience is performing a risk assessment across the organisation. Understanding where the risk lies is a vital first step in becoming cyber resilient.

Withstand: the ability to maintain business-critical functions during an attack depends upon having the right security architecture in place. Business continuity planning plays a crucial role here, as does having an incident response plan detailing the roles and responsibilities that will be called upon during a cyber incident.

Recover: having a disaster recovery strategy in place that highlights the steps that should be followed to neutralise the impact of an attack is a necessary part of cyber resilience.

Adapt: Learn from what has happened and adapt architectural capabilities to withstand better future events, based on changes to the operational environment or the threat landscape. Handled correctly, the adapt phase can be considered ongoing threat modelling following the agile concept of continuous improvement.”