2018: Businesses get stronger through cyber resilience

In the past, companies tried to create perfect security. You were either secure, or you weren’t.

But today, risk is no longer viewed as being perfect or binary. It’s a continuum. In 2018 enterprises will focus on getting their resilience as high as possible — or, reducing their risk by taking down the highest-risk activities.

No enterprise will be perfect. Everyone’s going to get compromised. The question is: How quickly and correctly do you respond when you do get hacked?

Resilience and antifragility

What do we mean by resilience?

According to the dictionary, resilience is “an ability to recover from or adjust easily to misfortune or change.”

In today’s enterprise, resilience means planning and practicing for cyber attacks and other threats, because they will happen. So it’s about continuous evaluation and improvement of risk posture. It’s about being a faster learning organization.

Added to resiliency is the notion of antifragility, meaning getting stronger when attacks happen — not just surviving the attack. You get stronger from practicing and from responding in real life, because you internalize what you’ve learned. You use that to make yourself stronger the next time around.

We know that sometimes the most massive improvements happen from massive failures. We’d love for that not to be the case — for the enterprise not to have to sustain a major attack in order to get significantly stronger. We’d love for small failures to create small improvements that add up over time to much greater improvements. That is how antifragility happens.

 

It’s not just hackers

At this point you may be wondering why we are talking about resilience and not cyber security. It’s because enterprises face several types of devastating threats, not just cyber threats. Threats include:

  • Hackers — cyber threats come in all sizes and can affect any part of the organization
  • Natural disasters — regular as well as extreme national disasters can take the enterprise, or part of it, offline for hours or even days
  • Human error — people make mistakes and can accidently or intentionally trigger unexpected situations
  • Mergers and acquisitions — fueled by low interest rates and available capital, mergers and acquisitions mean that two teams, networks and identity systems merge and become one, presenting potential instability and an opportunity for something unplanned to happen

All these threats challenge the organization’s ability to operate effectively and productively. The organization must plan for these threats, with the goal of becoming ever-more resilient. This means applying continuous improvement approaches to business productivity, differentiation and the resiliency of the business itself.

Where to invest

Organizations must shift investments from protect to detect and respond, which includes recover. They should run simulations of complete business processes to get an end-to-end understanding of the components in the process. This is especially true for digitally transformed businesses, where technology is intimately embedded with processes and people to drive customer intimacy, self-service or immediate fulfilment.

Many businesses operate in hybrid cloud environments. In a hybrid environment, transparency and visibility are harder but necessary to keep enterprise risk managed.  Failing to manage risk means innovation is reduced as business leaders decide it is too hard to accept new innovation.

With proper planning, practicing and investment for resiliency, an important benefit is that your critical talent will not be consumed by responding to incidents. Learn the first time, and fix. That way you won’t have to keep diverting critical resources. You want to keep that talent focused on improving the productivity of your business and innovating.

In 2018, companies will focus on quickly increasing their resiliency in light of these issues and the many challenges handled in 2017.

This post is a deeper dive into the fourth trend of our 2018 Technology Trends. Check out all six trends at 2018 Technology Trends.


Chris Moyer is the chief technology officer of Security at DXC Technology. He is responsible for technical strategy and innovation for advisory services, security operations, threat management, identity management, endpoint security, data protection, cloud security and enterprise risk management. Previously, Chris was CTO for Hewlett Packard Enterprise Services and vice president for Mobility and Workplace. He has incubated new services and built strategic technical alliances. @cd_moyer

Joan-Carol (JC) Brigham provides in-depth competitive intelligence for strategic deals at DXC Technology. She was an analyst in CSC’s ResearchNetwork for eight years, where she led strategy work and managed much of the launch of industry research in the ResearchNetwork. In addition, she was a principal and business manager analyzing the manufacturing industry. Prior to CSC, Joan-Carol worked at Sun Microsystems in the Services business unit, and at IDC, where she stumbled into market and competitive analysis. @jcbrigham

RELATED LINKS

To lower enterprise risk, get cyber resilient

What’s your cyber risk appetite?

6 technology trends for 2018: Guideposts for digital transformation

 

Trackbacks

  1. […] Enterprises must work to get their resilience as high as possible by planning and practicing for such threats, because they will happen. Learn more. […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: