WINDHOEK, MARCH 21 – Winter is coming and flu season is drawing closer. There will be coughs, sneezes and sniffing of nose. All because we didn’t take the necessary precaution to safe guard our bodies and get a flu shot. We need protection from viruses that infiltrate our immune system. Our bodies are a complex network that need to be protected, just like IT-networks in organisations and its information. They too need to be protected against viruses and much more.
In this hyper connected and Internet connected world we are exposed to dangers. Data breaches, hackers stealing identity, phishing, cyber-attacks and large scale online fraud to name a few. We have virus scanners, firewalls and cyber-security guidelines which organisations and employees use and adhere to. Still, organisations are breached despite all of this often resulting in major reputation, business and financial damage.
An organisation cannot and should not fall to a common cold or flu. However if they do, like a person, how quickly they recover demonstrates the true mettle of the organisation, its cyber resilience if you will. It should bounce back. Ask yourself; “Would your organization have the ability to withstand, respond to, and recover from a cyber-attack or data breach?” The goal of cyber resilience is to maintain the confidentiality, integrity, and availability of data and business operations. It acts as a pre-flu vaccine. But as with any flu vaccine you need it before the attack for it to be effective.
As more and more services move online in Namibia, more data is collected. With the increasing stability of Internet and higher speeds, services that were beyond our reach in Namibia are now accessible. Just think of Netflix, online insurance brokers, banking apps, online payment solutions and many others.
We are more than willing to give our personal details and simply assume it will be handled, carefully, securely and respecting our privacy. Whether we are at work or home, we make this assumption. Individuals are frequently those that are responsible for the breaches (Social Engineering). Even if there’s a cyber security team or robust policy in place at an organisation. Everyone in the company has a role to play. You are equally as responsible for the cyber-security of your organization as the Information Security teams. This goes for the cleaning crew that connects to the company Wi-Fi all the way up to management who bring their own gadgets, devices to work.
Whether the organization is large or small, their responsibility to safeguard information and data is the same. The role of the Information Security team, or the system administrator has traditionally been to prevent and detect cyber-attacks through the use of technical controls. However cyber-attacks have evolved and it’s no longer a question of “will you be attacked?” but “when?” Organizations need to have a greater cyber resilience capability so that they can respond to and recover from these attacks. A full scale plan should be in place to prevent or counter the aftermath of any type of cyber-attack.
This is why Headway Consulting has teamed up with Peoplecert and axelos product resilia. Headway is accredited on resilia cyber security framework to help Namibian organizations build capacity, know-how when it comes to cyber-resilience. Corporations, SOE’s and Governments need and will by law be required to have safeguards in place, or face potential lawsuits, criminal damages and fines if their clients’ data is not protected. It is only a matter of time before it becomes law here in Namibia as well, so being cyber-resilient will put you ahead of the curve and give you an USP for your clients. Working together with the client to build expertise on cyber-resilience to such and extent that the organization will be certified officially.
The employees and the organization will be trained and ready for;
Organisation will have a management system and framework which identifies what good cyber resilience looks like
It helps and empowers organizations to balance their prevention, detection and correction priorities; their people, process and technology priorities
It creates a common language and collaboration across your entire IT and Security teams as well as other critical departments. It establishes a framework to define, act on and embed the right processes for effective cyber resilience across the organization.
Equips your employees with the skills and behaviours they need to make the right decisions at the right time in the face of increasing cyber risks such:
BYOD (Bring Your Own Device)
Remote and mobile working.
These are just a few of the aspects of learning, training and embedding cyber-resilience into an organisation. The benefits are manifold and will certainly lift your business proposition to a higher plane. We teach our kids to be resilient. We tell people to bounce back from adversity, organisations need to do the same by embracing cyber resilience…cyber-bounce back if you will. It’s not only the cyber-attack we should be focused on. Research shows that as many as 75% of all organisations will be attacked in one way or another. So, give your organisation the ability to bounce back and embrace cyber-resilience. – NDN Staffer