Aaron Russo - Senior Manager for Tech Sales Data Center
Aaron Russo
Senior Manager for Tech Sales Data Center
Jeff Stork - Software Delivery Practice Manager
Jeff Stork
Senior Service Manager
Lane Shelton - Vice President of Software Business Development
Lane Shelton
Vice President of Software Business Development
Tony Dancona - Vice President of VMware EUC
Tony Dancona
VP VMware EUC, Solutions and Services
»See All Authors
Stephen Nardone - Director of Security Solutions and Services

Building Resilience in Critical Infrastructure

Reduce Your Cyber Security Risk

|

Resiliency is the key to surviving after a cyberattack, especially in critical infrastructure. Having an emergency response plan will help you to prepare and respond to an incident so that your organization can return to business as usual with as little impact as possible.

474702-New-Building-Resilience-in-Critical-InfrastBut how do you build resiliency into your critical infrastructure?  It’s a crucial question, given the results of the second annual RSA Cybersecurity Poverty Index[1], which compiles survey results from 878 respondents across 81 countries and more than 24 industries:

  • For the second straight year, 75% of survey respondents have a significant cybersecurity risk exposure
  • Half of those surveyed assess their incident response capabilities as either "ad hoc" or "nonexistent"
  • Government and energy sectors ranked lowest among industries in cyber preparedness
In order to manage and respond to risks, you first have to know the risks to your organization. A big part of that is knowing what infrastructure assets comprise your IT environment. An asset inventory is in fact mandated by NIST (National Institute of Standards and Technology) as an essential part of your cyber response plan.

Once that plan is developed, it should be tested against real world scenarios via simulations.

Whether you need to respond to insider threats or malicious attackers entering into your environment, you need to have a working plan to detect and respond to threats that will allow for minimal downtime and impact on the business.

The themes of the past few weeks of the National Cyber Security Awareness Month

have addressed the most important steps that every organization should take in order to best manage risk. Building resilience into your critical infrastructure means that every employee knows about potential threats. And that’s the critical third step to building resilience: train and empower employees.

Employees must be engaged in security awareness training, and business leaders need to review those programs and security policies to ensure that they are current and effective.

Once you understand the risks to your environment, you need to look at your overall security infrastructure to determine whether it is able to defend your business against the current threat landscape. You will need a variety of tools, but you’ll also need to know which tools no longer suit your needs and which tools might be inharmonious with what is required for your evolving ecosystem.

Resilience is not only a matter of technology. A strong security program should include policies for people and technology as well as the physical protection of critical documents. These policies should be clearly written, continuously managed, and constantly enforced.

Your employees must be able to perform their daily duties, but a response plan must also prepare you for the unexpected—so that you are able to return to full functionality after any downtime or emergency. Having the right strategies that are compatible with your business needs is the key to building resilience, and your emergency response plan should prepare your employees for the variety of threats that can compromise your physical and network infrastructure.  



[1] http://www.darkreading.com/prnewswire2.asp?rkey=20160614NE23237&filter=3928


For more than 30 years, the Connection family of companies has been trusted to provide and transform technology into complete solutions. For more information, drop us a line.