11 Oct 2022
by Sameer Shaikh

The key to cyber resilience (Guest blog by Galaxkey)

Guest blog by Sameer Shaikh, Head – IT Governance and Industry Relations at Galaxkey Ltd #Cyber2022

The dictionary definition of “Resilience” is “capacity to recover quickly from difficulties”. But what about a word for “capacity to recover when one is faced with wave after wave of difficulties, day after day”? I couldn’t find one. Someone suggested “resign to fate”.

I wanted to find this elusive word so I could describe the current state of cyber security – getting trickier year after year. Now compounded by recent geopolitical happenings, and the economic downturn which has adversely affected organisational cyber investments.

August’s cyber security newsletter from UK-DCMS shared startling findings from the Cyber Security Breaches Survey:

  • 4 in 10 businesses and 3 in 10 charities reported a cyber security breach or attack last year
  • Of those who were breached, 34% had a negative outcome

And, the IBM Cost of a Data Breach Report 2022 reported:

  • 83% of organizations studied experienced more than one data breach; of these, 83% stated this was not their first data breach

Over my two decades in this domain, I have seen the challenge evolve frequently. So, I welcome the discussion about cyber “resilience” – now, it’s not just about preventing a cyber incident, it’s also how quickly one can recover to a stable state with the least damage. Here, I share my two cents for organisations to augment their cyber resiliency strategies.

The cyber problem is too complex to have a silver-bullet solution. We need to infuse new elements in the tried-and-tested fundamentals of Tech–Process–People triad.

Robust technology

With data centric attacks including breaches and ransomware rising continuously, data protection remains a key pillar for cyber strategies. This centres around safeguarding sensitive data even if it falls into wrong hands. Did I hear “encryption”?

The benefits are obvious:

  • Encrypted data carries no risk of exposure.
  • Since encrypted data is no use to attackers, their “attack incentive” reduces - making repeat attacks less likely.
  • Most privacy regulations exclude need to inform data-subjects about breach if data is encrypted. Saving you regulatory fines and reputation losses.
  • Ransomware attackers have changed their paradigm from “locking data to demand money” to “exposing locked data to demand money”. If you experience a ransomware attack and your data is encrypted, it cannot be misused by an attacker for ransom.

If you haven’t yet, data encryption should be a baseline technology that all organisations must adopt.

A comprehensive suite, such as that provided by Galaxkey, covering the information sharing needs of an organisation and built on a strong NCSC-certified encryption platform not only addresses the security requirements, but also reduces architectural complexity and introduces substantial cost benefit.

Functional controls

Technology alone cannot solve this challenge. It needs new functional/process controls. While DR and BCP have long been a key part of resilience, we need to introduce new elements into this equation.

Add one thing to your arsenal – Cyber Insurance.

Most corporate insurers cover incident triage to recovery to lost business, including legal costs. A well thought out cyber insurance strategy can add huge value to your organisational resilience program.

People

All the above will fail without people. Anyone who has lived through a cyber incident knows the importance of a shoulder to lean on during these stressful times. With this in mind, our organisation runs two major programmes to help with this :

  • LEAP (Leadership Engagement and Advisory Program) – This forum brings together our customers, sales partners and thought leaders. With members from multiple geographies and industry verticals, LEAP is a useful ecosystem for sharing insights on corporate cyber security strategies and individual knowledge.
  • Educational CSR – As a responsible company, our role doesn’t end at building the best technology; we also invest heavily in our Education CSR program. Along with extending discounted pricing for schools, we also conduct awareness sessions for students on safe cyber habits and career guidance.

In summary, from our learnings at GalaxKEY, some keys to cyber resilience:

  • Robust data protection technology (with encryption at the core)
  • Cyber insurance
  • Comprehensive people engagement program

The journey from “cyber security” to “cyber resilience” has just started and we are all learning.


Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.


Upcoming events 

Cyber Innovation Den

On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.

Book now!

Cyber Security Dinner

In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.

Book now!


Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

lock-tech-security-web-training.jpg

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.

Office-working-laptop-196947631-web-1500px.jpg

The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.

 

 

Authors

Sameer Shaikh

Sameer Shaikh

Head – IT Governance and Industry Relations, Galaxkey Ltd

Sameer heads up InfoSec, IT governance and industry relations with Galaxkey. He has over 20 years of domain experience, with his previous roles including group head of InfoSec at Emirates Airline and Air Arabia. He has an MBA in IT, and holds certifications such CISSP, CISA, CGEIT and ISO 27001 LA. He has been contributing as panellist and speaker at various cyber forums, and as an advisor to start-ups and companies. Cyber Resilience and People-aspect of InfoSec are his latest muse; he is working with educational institutions and organisations to build an ecosystem of diverse InfoSec players to join forces and devise cyber resilience programs that can be offered pro-bono to benefit organisations.