This article was written for the magazine Women in SecurityBaya Lonqueux, January 2022, Cyber resilience is not a trend but a necessity, Women in Security, n° 06, p90-91
The health crisis we have just experienced was undeniably an unforeseeable shock that highlighted our vulnerability. Our habits and our daily lives have been stress tested during these past two years. We had to react quickly and face this unexpected event as best as we could.
Emergency measures were taken worldwide to contain the epidemic. Biotechnology and research were mobilised to find a cure and strengthen our immunity and resilience.
Containment measures were applied to limit the spread of the virus. Other measures were required to ensure the continuity of our economic activities and guarantee the survival of our companies.
Recourse to telecommuting was one solution implemented (often at short notice) by a good number of companies. Digital technology allowed us to run our companies and enabled the virtualisation of the world of work.
This recourse to digital solutions was opportunistic, generally unanticipated, and therefore poorly organised. It made companies more vulnerable, more exposed to cyber-attacks. We saw an explosion in the number of cyber-attacks, and many public and private companies suffered the consequences.
The primary lesson from this crisis is that we need to strengthen our resilience to improve our ability to recover from adverse health events, as well as adverse technological events.
The digital world is a revolution without limits for our emancipation, a godsend with strong advantages, but only if the risks that accompany this revolution are anticipated and simulated, and measures put in place to counter them. And also, not to neglect the prevention and anticipation, two determining factors to reinforce our resilience.
This new period of disruption, of positive transformation, of “working differently” has brought benefits and efficiency. But the dangers and threats are constantly multiplying, demanding increased vigilance from all users.
We need to assess the level of maturity we have reached in managing the security of our information systems, and our relationship with cybersecurity.
- Are we all ready to face the cybersecurity risks in a homogeneous way?
- Have we done everything to protect ourselves, our companies, our assets, our data, etc?
- Do we know enough about our risks to anticipate, manage, and control them?
- Is our technology analysed and simulated to identify vulnerabilities and flaws, to determine our exposure to cyber-attacks?
The answers to these questions are a prerequisite to countering these new threats.
There needs to be a more global approach to the challenges of cyber threats that considers the context to protect, its components the strengths, and weaknesses of the entire ecosystem. This approach must be coordinated and collective to create resilience and implement remediation of vulnerabilities without major consequences.
We need mature approaches to counter cyber risks, whatever the size and activities of our organisations. To achieve this maturity, we must encourage collaboration and cooperation between companies. This is the only way we can expect to improve global security.
It is more than urgent to break the taboos of “the attacked victim is not reliable” and of “the victim denial”.
We are all equal in front of cybercriminals: no one is safe from a cyber-attack. Feedback on a cyber-attack is a valuable asset, data on which we can build our cyber resilience.
Let’s enrich our knowledge of cyber threats and our cybersecurity culture to help our companies and organisations be resilient.