Resilience; Not Just Security

By: Gene Fredriksen, Chief Security Strategist

Resilience can be defined as the ability of a business not just to survive, but also to thrive in a rapidly changing or potentially caustic environment. It describes the state of an operation where members have access to the right data, delivered to the right place, when the member needs it. It is much more than our typical view of cyber security.

When businesses choose to pursue an e-business strategy, they must be cognizant of consumer expectations. In a highly competitive e-business environment, the difference in cyber risk investment between vendors has already become an important criterion for selection. This difference only becomes more important when a hacker or technology-related incident damages the business and the customer relationship. As businesses seek to innovate to better serve the customer, they must ensure new technical solutions and processes are in place, and also reduce the risk the new systems bring along with them. Security and business continuity must go hand in hand in order to achieve the necessary resilience to match the risk profile of the company.

Many security product vendors would have you believe that technology can keep you safe. Every time a new threat or vulnerability emerges, new products also emerge, targeted at mitigating the risk. I am not saying that technology can’t be a critical piece, or that new security technology should not be evaluated. But over-reliance on technology alone to solve resilience issues is doomed to fail. It takes a balanced approach, utilizing people, process and technology to achieve security, while improving operational capabilities. Well-designed, resilient solutions will also reduce daily “noise” for an operations team, allowing them to focus on infrastructure enhancements and resilience.

Watch for future blogs on the components of a resilience program.