2018: Businesses get stronger through cyber resilience

In the past, companies tried to create perfect security. You were either secure, or you weren’t.

But today, risk is no longer viewed as being perfect or binary. It’s a continuum. In 2018 enterprises will focus on getting their resilience as high as possible — or, reducing their risk by taking down the highest-risk activities.

No enterprise will be perfect. Everyone’s going to get compromised. The question is: How quickly and correctly do you respond when you do get hacked?

Resilience and antifragility

What do we mean by resilience?

According to the dictionary, resilience is “an ability to recover from or adjust easily to misfortune or change.”

In today’s enterprise, resilience means planning and practicing for cyber attacks and other threats, because they will happen. So it’s about continuous evaluation and improvement of risk posture. It’s about being a faster learning organization.

Added to resiliency is the notion of antifragility, meaning getting stronger when attacks happen — not just surviving the attack. You get stronger from practicing and from responding in real life, because you internalize what you’ve learned. You use that to make yourself stronger the next time around.

We know that sometimes the most massive improvements happen from massive failures. We’d love for that not to be the case — for the enterprise not to have to sustain a major attack in order to get significantly stronger. We’d love for small failures to create small improvements that add up over time to much greater improvements. That is how antifragility happens.



It’s not just hackers

At this point you may be wondering why we are talking about resilience and not cyber security. It’s because enterprises face several types of devastating threats, not just cyber threats. Threats include:

  • Hackers — cyber threats come in all sizes and can affect any part of the organization
  • Natural disasters — regular as well as extreme natural disasters can take the enterprise, or part of it, offline for hours or even days
  • Human error — people make mistakes and can accidentally or intentionally trigger unexpected situations
  • Mergers and acquisitions — fueled by low interest rates and available capital, mergers and acquisitions mean that two teams, networks and identity systems merge and become one, presenting potential instability and an opportunity for something unplanned to happen

All these threats challenge the organization’s ability to operate effectively and productively. The organization must plan for these threats, with the goal of becoming ever-more resilient. This means applying continuous improvement approaches to business productivity, differentiation and the resiliency of the business itself.

Where to invest

Organizations must shift investments from protect to detect and respond, which includes recover. They should run simulations of complete business processes to get an end-to-end understanding of the components in the process. This is especially true for digitally transformed businesses, where technology is intimately embedded with processes and people to drive customer intimacy, self-service or immediate fulfilment.

Many businesses operate in hybrid cloud environments. In a hybrid environment, transparency and visibility are harder but necessary to keep enterprise risk managed. Failing to manage risk means innovation is reduced as business leaders decide it is too hard to accept new innovation.

With proper planning, practicing and investment for resiliency, an important benefit is that your critical talent will not be consumed by responding to incidents. Learn the first time, and fix. That way you won’t have to keep diverting critical resources. You want to keep that talent focused on improving the productivity of your business and innovating.

In 2018, companies will focus on quickly increasing their resiliency in light of these issues and the many challenges handled in 2017.

Chris Moyer is the chief technology officer of Security at DXC Technology. He is responsible for technical strategy and innovation for advisory services, security operations, threat management, identity management, endpoint security, data protection, cloud security and enterprise risk management. Previously, Chris was CTO for Hewlett Packard Enterprise Services and vice president for Mobility and Workplace. He has incubated new services and built strategic technical alliances. @cd_moyer

Joan-Carol (JC) Brigham provides in-depth competitive intelligence for strategic deals at DXC Technology. She was an analyst in the company’s ResearchNetwork for eight years, where she led strategy work and managed much of the launch of industry research in the ResearchNetwork. In addition, she was a principal and business manager analyzing the manufacturing industry. Previously, Joan-Carol worked at Sun Microsystems in the Services business unit, and at IDC, where she stumbled into market and competitive analysis. @jcbrigham

