We explain what cyber resilience is and why it is the best cyber defence strategy.
It has become a cliché, and you will have heard it said many times, but it is true: there are two types of companies, those that have suffered a cyber-attack and those that are going to suffer one. To which we add a third: the companies that are prepared to resist with cybersecurity plans. Which one is yours?
According to data from the third annual study The State of Cyber Resilience, 37% of security breaches in Spanish organisations are indirect attacks targeting the weak links in the chain.
The good news is that the basic cybersecurity measures implemented by companies in Spain have reduced direct attacks by 11% and improved security breaches by 27%.
Furthermore, 82% of organisations in Spain spend more than 20% of their security budget on advanced technologies.
This growth in security investment reflects the increase in activity exposed to cyber-attacks. More and more businesses are relying on the cloud, on connectivity, on APIfication and on 100% digital environments. These environments need not be less secure than traditional ones if the right measures are taken.
Cyber resilience in five steps
Step 1: Respond to an attack and conduct forensic analysis
After an attack, in addition to restoring security, it is necessary to assess what went wrong. This is done by forensic teams (CIFR) that will support the IT department.
Step 2: Analyse how vulnerable your business is and then protect it
Scanning devices and IP connections locates weaknesses in your systems, misconfigurations or compliance failures, and rules out false positives.
Step 3: Test your current security as if we were hackers
Simulating a real attack is the best way to locate vulnerabilities in your network and test cyber defence capabilities.
Step 4: Measure your company’s resilience
High-risk users and their behaviours must be identified and malicious software must be tracked down even if it is dormant, both in the internal infrastructure and in the infrastructure of external providers and accesses.
Step 5: Raise awareness of phishing
This assessment is aimed at employees, who are tested through a simulated phishing campaign. In this way, the degree of cyber resilience and awareness of this type of attack within the organisation is measured.
All these steps and resources may not prevent you from suffering an attack, but they will allow you to be among the group of organisations that have been able to overcome it and turn your company into a cyber-resilient one. This is something that 65% of companies in Spain can already say, in line with 67% worldwide. Therefore, we can say that the best cyber defence strategy is cyber resilience.