Harnessing existing capabilities
For many organisations, the starting point for defining a cyber resilience strategy was the organisation’s existing business continuity planning and disaster recovery frameworks, which were commonly developed to ensure continuity in the face of physical disasters such as fire and extreme weather events.
According to Abbas Kudrati, a former CISO at KPMG Australia and now a lecturer on cyber security at La Trobe University, the elements of cyber resilience went far beyond just technical controls.
“Cyber resilience is not about being 100 percent secure, it is about how quickly you are able to recover when you are being attacked or breached,” Kudrati said.
“It is about getting back to business in a faster manner with the least impact to your business environment. Your people, process, technology, and architecture must align in a balanced manner.”
For Sandeep Taileng, information security leader for technology and transformation at State Trustees, the key attributes of cyber resilience were constant vigilance, robust construction, rapid damage control, and the ability to learn from experiences.
“It emphasises the ability to withstand attacks,…
