{"id":67,"date":"2024-06-26T00:00:00","date_gmt":"2024-06-26T00:00:00","guid":{"rendered":"http:\/\/localhost\/wordpress\/?p=67"},"modified":"2025-03-11T14:09:00","modified_gmt":"2025-03-11T14:09:00","slug":"why-resilience-not-prevention-should-be-your-cybersecurity-goal","status":"publish","type":"post","link":"https:\/\/origin-www.paloaltonetworks.in\/perspectives\/why-resilience-not-prevention-should-be-your-cybersecurity-goal\/","title":{"rendered":"Why Resilience\u2014Not Prevention\u2014Should Be Your Cybersecurity Goal"},"content":{"rendered":"

At some point soon, our organizations will be hacked. We won\u2019t know exactly when, where, or how, but it will happen.<\/p>\n

For all the hard work, dedication, long hours, and a substantial amount of money we all put into preventing cybersecurity threats from damaging our organizations, it simply doesn\u2019t change the fact\u2014yes, the fact\u2014that successful cybersecurity attacks are inevitable. As important as strong preventative measures are, we can\u2019t pretend that a strategy built solely or primarily around preventing attacks is enough.<\/p>\n

What\u2019s the alternative? Fortunately, we have a good Plan B, which I think should become almost every organization\u2019s new Plan A. It\u2019s cyber resilience, and it starts with the assumption that all organizations will be hacked at some point. A cyber resilience strategy ensures that when our defenses are penetrated, and our data is exfiltrated, we can recover quickly and completely, thus limiting damage. Most importantly, cyber resilience ensures that we continue to operate on a nearly continuous basis with little or no downtime and with minimal negative impact.<\/p>\n

Let me anticipate your next question: No, I am not advocating a policy of digital appeasement, where we let the bad actors do their thing and focus entirely on damage control. Far, far from it, in fact. Prevention must remain an essential part of our cyber defenses; we can\u2019t let the attackers run amok inside our systems. We must make life difficult for hackers, thieves, and digital miscreants. No one wants to be an easy target.<\/p>\n

But a prevention-centric, or prevention-first, approach to cybersecurity almost guarantees that someone or something will get inside our walls and wreak havoc, impacting our ability to keep mission-critical systems up and running. That outcome carries serious financial, operational, reputational, legal, and regulatory impacts. In some industries, downtime or data exfiltration can carry life-or-death implications.<\/p>\n

Why Cyber Resilience Is a Better Approach<\/h2>\n

I like cyber resilience as the cornerstone of a cybersecurity framework for several reasons. First, although much of the responsibility falls on the IT and SecOps teams, emphasizing sustained operations rather than threat prevention puts the onus across the entire organization. It becomes\u2014in the case of manufacturing\u2014a site-specific strategy for a managed recovery. It\u2019s not an IT or security problem but an organizational imperative. Finance, operations, R&D, supply chain, customer service\u2014every core part of our business is involved because the emphasis is on sustaining critical business operations.<\/p>\n

Second, it shifts the need for continuous visibility from cyberthreats to how those threats may impact the business. C-suite executives, board members, and even our partners and customers should know that we are maniacally focused on minimizing risk to revenue, profits, and brand reputation rather than on blocking phishing attempts.<\/p>\n

Third, resilience doesn\u2019t mean you put aside the basic blocking and tackling of cybersecurity. It reinforces the need for intelligent cyber hygiene, regular testing, a competent backup and recovery strategy, and a focus on real-time communication inside and outside the organization. Resilience doesn\u2019t replace traditional detection-and-response requirements; it augments and cements it.<\/p>\n

Fourth, cyber resilience puts aside the often misplaced prioritization of compliance as a proxy for good cybersecurity. As crucial as regulatory compliance is as a byproduct of cybersecurity best practices, it is not an end. Cyber resilience makes compliance easier and more efficient to demonstrate. Going beyond the bare minimum of compliance, cyber resilience streamlines the demonstration of adherence by fostering repeatable and documented processes alongside a well-maintained, up-to-date, and tested incident response plan.<\/p>\n

Momentum for Cyber Resilience Is Building<\/h2>\n

There\u2019s good news for those reading this article and wondering how you can sell a mind-shift change like this to your management and colleagues. The concept of cyber resilience has rapidly gained ground in recent years. This idea took root in the past decade and has steadily gained acceptance and adoption.<\/p>\n

Market research organizations\u2014another important influencer group in promoting emerging industry trends and educating executives on language and processes\u2014also have picked up the banner of cyber resilience. Enterprise Strategy Group (ESG), a leading market-watcher and publisher of important cybersecurity market data, noted that \u201cbetter resiliency\u201d was the number-two benefit achieved by organizations in building cloud-native applications.1<\/sup> In another report, ESG said \u201cimproving cybersecurity and resiliency against cyberattacks\u201d was the number-one consideration in justifying IT investments in the next 12 months\u2014language matters.2<\/sup><\/p>\n

Manufacturing companies must pay obsessive attention to resilience because the cost of downtime or data loss can be massive to us\u2014and not just the financial costs. It wasn\u2019t quick or easy for us, and I won\u2019t try to tell you it will be for your organization. What I will tell you is that the effort was well worth it for us, and it will be for you, too.<\/p>\n

Next Steps Toward a Resilience-Based Cyber Strategy<\/h2>\n

Let me close with a few suggestions that may help you make this journey toward cyber resilience successful for you and your organization:<\/p>\n