A couple of weeks ago I had the pleasure of introducing Bruce Schneier and Larry Ponemon at an event focused on Cyber Resilience. If you’re interested in the material, there’s a recorded version available here.
Bruce and Larry are both rock stars, so the content was terrific. I thought I would share some of the things I learned.
Cyber resilience is an up-and-coming term in the cyber security world. It represents the ability to manage, mitigate, and move on from a cyberattack. It kind of reminds me of the Rocky speech to his son in Rocky 4: “It ain’t about how hard you’re hit. It’s about how hard you can get hit and keep moving forward. How much you can take and keep moving forward.”
Here are some of the things I picked up:
- Businesses all agree that sooner or later, they’re going to get tagged. Most organizations are not ready to take that punch. Only 32% of organizations feel that they can properly recover from a cyberattack.
- Planning and process are the keys. Tools help, but only in the hands of trained and prepared teams. In the words of Mr. Schneier, anti-virus is a technology-first solution but incident response is a human-first endeavor.
- Collaboration between business and operational units is critical during an incident, but 32% of companies polled report that collaboration is poor or nonexistent in their organization.
As a kid, I learned to waterski one sunny Saturday on a lake near our house. I remember that just learning to get up on top of the water took a long time. But once I got up, I discovered a whole new issue. What was falling going to be like? And on that whole first time up, I really couldn’t think of anything other than worrying about my eventual fall. Regardless of how long it had taken to get up, I basically fell almost right away, just to understand what that part of the experience was going to be like. It wasn’t bad and the rest of the day was great.
Sooner or later, we’re all going to fall. We need to be ready to fall well and get back up.