While the term “cybersecurity” is as old as the hills in the security world, the term “cyber resilience” has been gaining momentum. This is a good thing. Cybersecurity management is complex and always changing, and focusing on security alone simply isn’t enough – organizations need a more comprehensive strategy. You might ask: “Isn’t cyber resilience the same thing?” Absolutely not. A quick visit to thesaurus.comfor synonyms for those core terms is a great place to start for some clues to their differences:
- Security –> Defense, Guard, Precaution, Safeguard, Sanctuary, Shield
- Resilient -> Buoyant, Supple, Elastic, Hardy, Plastic, Pliable, Quick to Recover, Rubbery, Springy
What jumps out at me is that “security” is a term which is focused on preventing bad things from happening. Whereas “resilient” is about quickly getting back to “good” in the face of the inevitable impact of bad things.
These concepts translate perfectly to the world of IT security in general, and email security in particular. Organizations should be focused on making their IT systems such as their email, resilient to attacks and not focus purely on the goal of 100 percent preventive security.
Is 100 percent prevention even possible? Definitely not. Much like the human body, which is continuously riddled with bacteria and viruses, the goal is to feel and be well, not to prevent these microorganisms from getting in. We could all live in the equivalent of a semiconductor clean room, continuously taking anti-bacterial baths and pills, and eating only irradiated food, but that doesn’t sound very pleasant. The bodies of generally healthy people thrive on resilience, not prevention.
The best approach for IT security is to have a balanced, resilient approach that encompasses threat prevention and adaptability to new types of threats combined with built-in durability and fast recovery. This is the approach organizations should focus on for all business-critical IT systems, especially their most mission-critical business application: Email.
According to research from Vanson Bourne, only 30 percent of organizations surveyed have adopted a cyber resilience strategy, and only one-third of those are in the early stages of development or planning. Too many organizations are leaving themselves exposed to the unknown – but it doesn’t have to be this way. By developing a more holistic approach, organizations can safeguard against email-borne cyberattacks, business disruption, data loss and human error.
This article was originally published here.