In their own words, the Mimecast Cyber Resilience Summit – their first annual users conference – was created to bring ‘IT and Security Professionals together to make the world a more resilient place.’
Well, it’s a touching statement and one we can collectively agree is required, so how did they go about achieving their goal?
Well, the truth is, they haven’t yet. It takes a lot of very bright people a very long time to make the cyber-world a more resilient place, but with the help of keynote speakers including…
- Peter Bauer – CEO & Co-Founder of Mimecast
- Janet Levesque – CIO, SVP Systems Resilience & Security, Mimecast
- Christina Van Houten – Chief Strategy Officer, Mimecast
- Mick Ebeling – CEO, Not Impossible Labs
- Art Coviello – Executive Chairman (ret.), RSA
- Ryan Stramrood – Extreme Adventurer and Ice Swimmer
…they are well on the way.
Held last week in Dallas, Texas, the Cyber Resilience Summit was, by all accounts, fantastic.
Sadly, we didn’t go, but that doesn’t stop us reporting on it. After all, did we tell you that we have been Mimecast’s Customer Excellence Partner of the Year for two years running?!
What Were Delegates Treated To?
There were free Mimecast certification courses, hands-on labs, 40+ breakout sessions and over 100 tech experts to tap into. That notwithstanding, there were product roadmap deep dives with Mimecast executives and product management, exclusive peer networking with the Mimecast community to share industry best practices, trends, strategies, solutions and more. There’s no better time than now to bolster your cyber resilience!
Yes, some very American-style language there, but you get the picture.
Let’s take a look at cyber resilience and give you our take on what Mimecast are so committed to.
What Exactly Does Cyber Resilience Mean?
For sure, it’s a very broad topic and the very pinnacle of what Mimecast do. For a lot of people, it’s spoken about in the context of security breaches and what is known by the umbrella term ‘cyberattacks’, but it also means resiliency against compliance and legal investigations, data loss and issues surrounding business continuity.
Put in simple terms, cyber resilience is a measure of how well a business manages a cyberattack or data breach while continuing to operate the business effectively. Its fundamental aim is to ensure that critical business operations are safeguarded and that a breach doesn’t destabilise the business for any longer than is absolutely necessary.
Put in life terms we can all understand, when you catch a cold – and you will, we’re coming into winter now – it’s as a result of a virus you’ve never encountered before, yet you are always able to recover from it. How? Resilience.
We digress. It’s a relatively new term on the technological block and its emergence is one of necessity rather than vanity. It’s because the traditional security measures are no longer a match for the baddies. Like taking candy from a baby. But the fight starts here.
The fight to stay one step ahead.
It’s a tough ask, like Stallone’s first fight against Mr. T in Rocky III, but the IT industry as one must stand up and say, ‘we’re well up for it.’
The common acceptance these days is that it’s not if, but when, you’ll get attacked, so the focus has to shift from keeping people out of your network to making sure that when they do breach the defensive wall, you have procedures in place to negate the impact.
A robust cyber resilience framework should, broadly speaking, take a four-pronged approach.
1. Management and Protection
The first thing you need to do is to be able to identify, assess and manage the inherent risks associated with your systems, as well as protect your data and systems from attack, system failures and unauthorised access. It should cover:
- Malware protection
- Information and security policies
- Formal information security management programme
- Identity and access control
- Security teams are competent and receive regular training
- Security staff awareness training
- Physical and environmental security
- Patch management
- Network and communications security
- Systems security
- Asset management
- Supply chain risk management
2. Identification and Detection
This is dependent on continuous monitoring of your network and systems to detect anomalies and potential incidents either before they happen or before they cause any lasting – and costly – damage. It should cover:
- Security monitoring
- Active detection
3. Response and Recovery
An incident response programme is vital – and must be clearly communicated to every relevant stakeholder – to ensure that your business can continue to operate even if you have been hit, and can get back to normal as quickly as possible. It should cover:
- Incident response management
- ICT continuity management
- Business continuity management
- Information sharing and collaboration
4. Governance and Assurance
Perhaps the most important element of your cyber resilience programme is to ensure that it is overseen from the very top of the corporate hierarchy and built into ‘business as usual’. Over time, it should align with your wider business objectives. It should cover:
- Comprehensive risk management programme
- Continual improvement process
- Governance structure and processes
- Board-level commitment and involvement
- Internal audit
- External certification/validation
Contact us today on firstname.lastname@example.org or call 020 7078 0789 and we’ll talk about developing a cyber resilience programme or what’s better, the Meat Feast or the Fiorentina. Whatever you like.