April 4, 2016
Cyber Resilience [A Primer]
In 1903, “Magician and inventor Nevil Maskelyne disrupted John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector,” according to the Wikipedia entry “Timeline of computer security hacker history.” (I believe this may be the first recorded cyber attack.)

After considering this attack, I wondered what John Ambrose Fleming did next. Did he walk off stage? Did he continue his presentation, whether or not the insulting code stopped? Did he work to ensure tighter security at future events? In short, what kind of Cyber Resilience did he show?

But first, what is resilience? According to Wisdom Commons, “Resilience is the ability to work with adversity in such a way that one comes through it unharmed or even better for the experience. Resilience means facing life’s difficulties with courage and patience – refusing to give up. It is the quality of character that allows a person or group of people to rebound from misfortune, hardships and traumas.” Makes sense, right?

Now, as we consider the first cyber attack and the ones happening today, let's explore Cyber Resilience. According to Symantec, “Cyber Resilience is about the management—not the elimination—of risk. Not only is eliminating risk impossible, but it impedes agility; an environment with an acceptable level of risk supports innovation.” That's a good start, but let's dig deeper.

The Mitre website notes, “Organizations cannot plan for every disruption. They need to be able to handle changes in their risk environment at a moment's notice and with a predictable level of performance. Organizations can no longer expect to prevent every cyber attack. They must be ready to continue operations and meet their mission when disruption occurs. To accomplish this mission, organizations must take a structured approach to managing security risks, business continuity, and information technology operations within the context of their business objectives.” That information rounds out the picture more.

Finally, let's look at how businesses can start to apply a Cyber Resilience mindset. An article on Forbes.com specifies three important areas to consider:
- Perspective. Instead of asking “Do we have this or that security measure in place?”, business leaders need to inquire, “What are our most important business assets and how do our security measures relate to them?”
- Budget. Treating all assets and all risks as equal is never cost effective. Business leaders need to weight limited IT budgets to protect their most important assets with the greatest amount of rigor.
- Expectations. The days of demanding 100% cybersecurity are gone. Business leaders need to expect and anticipate cyber breaches, and plan for how to minimize reputational, financial, and operational impact.