The most popular and comprehensive Open Source ECM platform
Cybersecurity and cyber-resilience. What’s the difference?
Cybersecurity is about protecting computer infrastructure from hacking and damage. It is all about prevention and is often enforced with strong authentication, encryption, layered security, and the securing of applications.
Cyber-resiliency is the management of the recovery process should security protections fail. It is about business continuity, system redundancy, developing a strategy to react to attacks, and the cleanup and restoration of operations after a breach.
Cybersecurity is proactive, while cyber-resiliency involves preparation for the inevitable failure and is reactive.
Many organizations emphasize cybersecurity, not cyber-resilience. The assumption might be that with good cybersecurity there may be little need for a cyber-resilience response.
Matt Torrens, the COO at Sprout IT, said that “to protect businesses from cyber threats, we must first be able to recognize risks (combining threats and vulnerabilities) and go on to define solutions to help manage those risks. Response and recovery plans may then take many different forms but should always have the aim of enabling the organization to rally with minimal financial or reputational damage. When it comes to cyber security, in general, organizations across all sectors still tend to emphasize protection over response and recovery. While in the last few years, cyber insurance has become more commonplace, many organizations have still not considered how they would respond to a major attack at all.”