How to navigate your way to stronger cyber resilience

Cyber resilience is about having the tools and security measures in place to withstand, respond to and recover from a security incident. Cyber resilience is about being able to bend rather than break.

Effective prevention and detection measures remain a critical first line of defense. However, cyber resilience is about shifting from focusing solely on blocking attacks to being able to contain and neutralize an incident. In today’s rapidly evolving threat landscape, security teams need strategies that will enable them to deal with a successful breach and get back on their feet as quickly and effectively as possible.

The report explains that many organizations are finding it hard to implement company-wide security policies. Can you outline some of the key challenges they’re facing and how they could overcome these?

Implementing consistent security policies across the business can be a technical challenge but is often also a cultural one. For example, some business leaders can be reluctant to enforce security practices that might appear inconvenient or restrictive. Some employees might resist controls such as ‘just-in-time’ or ‘least privilege’ access to certain applications or data, especially if they’ve had open access before.

Some employees might not be aware of security policies, unsure whether they apply to their systems or roles, or believe that their area should be an exception. Such misunderstandings can lead to confusion and resistance and ultimately get in the way of effective implementation, increasing organizational risk.

The more open and transparent business and security leaders can be with employees about what the policies are, who they apply to and why they matter, the easier it will be. These conversations promote understanding and cooperation, especially if they are supported by regular training. It is important to be responsive to change and to regularly review and update security policies, so they are aligned with evolving threats and business requirements.

Siroui Mushegian

CIO at Barracuda Networks Inc.

Every organization's risk profile is different – how can organizations best prioritize the risks they need to manage?

To manage risk effectively, an organization needs to understand both the level of risk it faces and the level of protection it is willing to invest in.

Organizations have different appetites for risk: some will accept a higher level of exposure in return for greater access and flexibility, others will want to lock almost everything down, and most fall somewhere in between.

To understand the risk level, you need to identify the circumstances and events that could harm your operations, assets, employees, and others. What assets do you have, where are they, who has access to them? What are your most important assets for maintaining business continuity and operations? What risks do they face? Once you know this, you need to consider the likelihood that these risks will occur and their potential impact.

You can then decide on the level of protection you want and need, and which risks need priority attention. Not every company has all the security resources, tools, and processes it needs on day one, and risk levels change over time. A roadmap approach and a centralized risk register will help you to keep track of your organization's risks and enable informed decision-making about managing or mitigating them.

What are the best practices for developing and testing robust incident response strategies, and what are the common pitfalls to avoid?

A robust incident response plan should apply across the business. It should consider how incidents will be contained and neutralized, the maximum downtime your critical systems can sustain, and whether there are manual processes you can revert to if needed. It needs to address how customers could be impacted, the service levels you are committed to, and the regulatory compliance demands. Don’t forget about internal communications to staff and external communications to customers, partners, and the press.

Incident response plans need to be adapted as circumstances change. New technologies, new markets, regulatory changes, and more all need to be factored in.

They also need to be tested. You can do this by, for example, targeting your own organization with a ‘purple team’ approach or through a table-top exercise.

Purple teams manage and co-ordinate incident response simulations, creating scenarios where a ‘red team’ can launch a mock incident to which a ‘blue team’ then responds. Such simulations help companies to improve their ability to detect, respond to, mitigate, and learn from security incidents.

A table-top exercise is a simulated cyber incident, minus the actual damage, impact and cost. The most effective table-tops are controlled, scenario-based exercises where key stakeholders, such as IT personnel, security teams, business and functional leaders, come together to work through and evaluate their combined response to a hypothetical security incident.

If an organization doesn’t have a plan for what to do if a security incident takes place, they risk finding themselves in the precarious position of not knowing how to react to events, and consequently doing nothing or the wrong thing.

The report also shows that just over a third of the smaller companies worry that senior management doesn’t see cyberattacks as a significant risk. How can they get greater buy-in from their management team on the importance of cyber risks?

It’s important to understand that this is not a question of management failure. It is hard for business leaders to engage with or care about something they don’t fully understand. The onus is on security professionals to speak in a language that business leaders understand. They need to be storytellers and be able to explain how to protect brand reputation through proactive, multi-faceted defense programs.

Every business leader understands the concept of risk. If in doubt, present cybersecurity threats, challenges, and opportunities in terms of how they relate to business risk. For example, what would or could happen to business operations, revenue, and brand reputation in the event of a cyber-breach and what investments are needed to manage risk so that this doesn’t happen?

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Siroui Mushegian is CIO at Barracuda Networks Inc.
