Industry opinion: Resilience blueprint
Sean Tilley, senior director of sales at 11:11 Systems, discusses the strategic steps to building operational resiliency.
Globally, cybersecurity is soaring to critical levels of concern for organisations. The Veeam 2023 Data Protection Report highlights that 85% of organisations have been hit by at least one cyber-attack, illustrating the difficult journey towards recovery. The average recovery from an attack can drag on for a staggering three weeks, not only impacting operations but also carrying significant financial implications. Organisations must therefore adopt comprehensive strategies to ensure operational and cyber resilience.

To start the journey to cyber resilience, companies must implement a multi-layered security approach that includes firewalls, antivirus software, intrusion detection systems and other defensive mechanisms. It is also important to minimise human risk; to achieve this, organisations must make sure that their staff are trained in cybersecurity best practices and in the implications of non-compliance with regulations. This training should be an ongoing process in which employees take part.

It is also vital that comprehensive risk assessments to identify vulnerabilities in the systems take place regularly. This process should align with the requirements of relevant regulations and standards such as GDPR, HIPAA, NIS2 and DORA. It is also valuable to evaluate how the regulations affect the business and, at the same time, verify whether the organisation is covered.

Investing in cutting-edge solutions for data protection, disaster recovery and real-time oversight to stay ahead in compliance can go a long way in improving a company’s defences against possible attack. It is equally valuable to review and update policies and procedures to mirror the current compliance landscape, covering everything from data protection to crisis management and ongoing operations assurance. This not only gives the organisation peace of mind that it is adhering to regulatory requirements, but also provides best-practice guidance on how to keep data safe and secure in the event of a breach. In addition, companies must ensure their technology arsenal is fortified with the latest security patches, as this routine maintenance is critical to defending against recognised threats.
Bridging education and access control

The weakest link in an organisation’s cybersecurity chain is human error. While mistakes happen, companies can minimise the possibility of employees falling for phishing attacks or similar by building an education culture in which employees are made aware of cybersecurity risks and trained to avoid becoming victims. However, while education is important, it is not enough to minimise risks completely.

Stringent access controls form the backbone of a comprehensive security strategy, ensuring that the principle of least privilege is rigorously applied: each member of the team holds only the keys strictly required to unlock their duties, significantly reducing the surface area for potential security breaches. This approach, known as Zero Trust, gives security teams the tools needed to constantly monitor the IT environment and ensure they are equipped to detect and respond to possible threats immediately. At the same time, it is equally important that ongoing mapping and testing are carried out to stay on top of new and sophisticated threats and vulnerabilities.

The main target of ransomware attacks is the data. To protect it, organisations must start with reliable backups, which significantly reduce the danger of data loss. To do this, it is vital to back up critical data frequently using cutting-edge data security methods and to test the recovery procedures regularly. Incorporating cyber incident response drills into recovery tests, and emphasising the ability to restore operations in a clean-room environment, are also important steps for resilience in the event of a cyberattack or data loss.

By incorporating these key strategies and best practices, organisations can navigate the shifting regulatory terrain with a solid cybersecurity infrastructure that helps them not only withstand threats but also integrate resilience into their core operations and culture. Fundamental to the resilience strategy is a thorough, routinely updated Incident Response Plan. This roadmap should clearly outline the actions for handling security breaches, aligning seamlessly with regulations. Under most new regulations, boards of directors are going to be legally responsible when organisations are not compliant. As such, the resilience plan must include senior stakeholders in cyber risk management. Further, evaluate the security posture of the supply chain, focusing on partners and third-party vendors, and ensure that they meet security benchmarks, especially when managing sensitive data.
September/October 2024 | 13