Challenges in responding to a cyber threat
Organisations around the world are experiencing some of the most complex and challenging security and privacy breaches to date.
Cyber security preparedness has predominantly focused on the technology elements of managing cyber security risks. However, recent high-profile cyber-attacks have exposed vulnerabilities in this approach.
Focusing solely on the technological aspects of cyber-attacks limits an organisation’s ability to become resilient to cyber security risks.
Although it may be difficult to avoid attacks, developing the critical thinking skills to anticipate, prepare for and respond to instances where attacks are successful is a key measure of cyber resilience.
A culture of cyber resilience across the organisation is characterised by high-quality critical thinking and decision-making occurring on a day-to-day basis.
Challenges in responding to cyber attacks
Cyber-attacks are particularly challenging for organisations to respond to as rapid decisions need to be made when there is:
- Incomplete or conflicting information
- Evolving technical complexity
- High levels of scrutiny
- Compressed timeframes
- Significant impacts
The capacity to respond well is heavily dependent on adaptive decision making which is underpinned by critical thinking capabilities.
Teams need to have the skills to separate facts from assumptions, particularly where the facts may be evolving. They also need to consider worst-case scenarios and all impact areas, taking into account incomplete or conflicting information.
In view of the inherent challenges in responding to cyber-attacks, new thinking is required to detect, manage, and recover from cyber security incidents.
Cyber security threat management
A stronger focus on the human dimension of cyber resilience is needed, which includes developing more robust decision-making, and uplifting critical thinking skills and capabilities.
In building organisational resilience, organisations need to take an ‘all-risks’ strategy in developing their capability.
Taking this approach allows teams to use the same frameworks and skills to pivot and respond to any type of risk, not just cyber threats.
Building Cyber Resilience Capability
The key steps to building a more holistic cyber threat management and response capability which incorporates robust decision-making are:
1. Conduct a review of your cyber security capability against the guidelines, standards, and legislation relevant to your industry.
2. Elevate high-quality decision-making to business critical and identify a Critical Thinking Framework that can be used at all levels of your organisation to review and build capability to respond to cyber security risks.
3. Review all components of cyber resilience through the Critical Thinking Framework to identify threats, uncover blind spots, challenge assumptions, and generate a shared view of the risks.
4. Complete a digital or in-person War Room scenario planning activity using the Critical Thinking Framework and information gained at Step 3.
5. Develop a Critical Thinking Capability Uplift Program for high priority teams initially and then across the enterprise to ensure teams have the skills to avoid, detect, manage, and recover from on-going cyber security risks.
Building cyber resilience requires a holistic approach beyond technology investments and meeting regulators’ requirements.
Successful cyber resilience requires all teams across the organisation to possess the critical thinking skills to identify, mitigate and respond effectively to all cyber security risks.
Building Cyber Resilience
Boards and Executive Leadership Teams
Many Boards and Executives are in uncharted waters in responding to the impacts of cyber threats, although some industries have been better prepared for ‘catastrophic’ events than others.
Crisis, Incident and Emergency Management Teams
Crisis, Incident and Emergency Management Teams are being challenged in new ways in their capability to respond to the impacts of cyber threats.
Technology and Project Teams
Many strategy and project teams have been affected by the impacts of cyber, although some strategies or projects have been impacted more than others.
Business Continuity and Recovery
Many Business Continuity and Disaster Recovery teams and plans have been activated and developed in response to the impacts of cyber threats.
Uplifting Critical Thinking Capability
Organisations operating during times of ‘extreme change’ experience significantly more stress than during ‘business-as-usual’.