Why Cyber Resilience May Be More Important Than Cybersecurity

Cyber resilience unites IT cybersecurity with business continuity and overall organizational durability. When properly deployed, the concept leads to the ability to continue routine operations when facing cyberattacks, as well as natural disasters, economic downturns, and various other crises.

Understanding that a successful cyberattack might occur at any moment, no matter how robust a cybersecurity program may be, means that organizations should focus on resilience as much as prevention, says Brett Tucker, a professor at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, in an email interview.

Many enterprises feel that cyber resilience is more critical than cybersecurity, since it encompasses a broader approach, observes Mike Mellor, vice president, cybersecurity consulting, at managed security services provider Nuspire via email. “While cybersecurity focuses on preventing cyber threats, cyber resilience includes preparation, response, and recovery,” he says. “It acknowledges that despite best efforts in prevention, cyber incidents may still occur, and thus prepares organizations to handle and recover from such incidents, ensuring business continuity.”

Cybersecurity leaders can’t always predict an imminent threat, but they can do their part in building resilience throughout their organization’s network to strengthen their ability to detect and respond to malicious attacks, says Chaim Mazal, chief security officer at network security firm Gigamon, in an email interview. “To do this, organizations must have real-time, accurate, and strong visibility into all network traffic to identify any nefarious activity,” he explains. “In doing this, time and time again, organizations can build resilience and strengthen their ability to protect their network.”

Related:How to Build True Cyber Resilience

An Essential Tool

Cyber resilience is essential, since it extends beyond the mere prevention of cyberattacks. “It involves strategies to keep an organization running during and after a cyber incident, protecting data and systems, and maintaining business operations,” Mellor says. “This approach is crucial in a digital world, where cyber threats are evolving and can significantly impact a business’ stability and reputation.”

In a cyber world in which attackers can create generative AI-based malware, and deepfakes, cyber resilience provides effective defense. “The threatscape will continue to advance, and cyber leaders must maintain a strong view into all network traffic to identify nefarious activity,” Mazal recommends.

Related:How to Build a Strong IT Risk Mitigation Strategy

Complementary Technologies

Cybersecurity and cyber resilience complement each other by covering distinct aspects of enterprise protection. “Cybersecurity serves as the first defense against cyber threats, focusing on prevention,” Mellor notes. In contrast, cyber resilience prepares adopters to cope with the reality of emerging threats, emphasizing response and recovery. “Together, they provide a comprehensive approach, ensuring not only the prevention of attacks, but also the capability to manage and recover from them while maintaining operational integrity.”

Many people mistakenly equate cyber resilience with cybersecurity, believing that preventive measures alone offer full protection, Mellor says. “This overlooks the critical cyber resilience aspects of response, recovery and business continuity,” he states. “To effectively build cyber resilience, organizations must acknowledge the possibility of cyber incidents, including data breaches, and actively prepare to withstand and recover from these incidents.”

When it comes to cybersecurity and cyber resilience, you can’t have one without the other, Mazal says. “A cybersecurity defense posture is only as strong as the organization’s ability to withstand pervasive malicious actors over and over again.”

Related:Sign Up for InformationWeek's New Cyber Resilience Newsletter

Organizations must be prepared to recover their operations in a rapid and efficient manner despite operational interruptions from cyber incidents, Tucker says. “Without that resilient nature, an organization will likely not survive most cyber incidents,” he warns.

Many organizations shy away from cyber resilience, mistakenly believing that reaching the goal will be difficult and expensive. “However, organizations that work to build risk awareness within their culture through good policy and governance may easily recognize a return on their risk investment when an incident strikes,” Tucker says.

Final Steps

Creating a successful cyber resilience strategy requires a comprehensive risk assessment that prioritizes critical assets, implements strong cybersecurity controls, develops incident response and business continuity plans, and engages in regular employee training, Mellor recommends. Other steps include routine testing, continuous threat monitoring, effective third-party risk management, complying with legal and regulatory standards, and ensuring senior management involvement. “This holistic approach combines technical, procedural, and cultural elements to effectively fortify against and respond to cyber threats.”

Cybersecurity leaders should not stop building resilience until they gain full visibility into all network areas, allowing them to know what their organization is up against at all times, Mazal says. “This takes commitment, but organizations are only as resilient as their weakest links or, in many cases, their biggest blind spots,” he states. “With [nearly all] malware hiding behind encrypted traffic, visibility must be infused into organizations’ cyber resilience strategies to ensure they’re protected.”