Resilience, according to Oxford Languages, is:
- The capacity to withstand or to recover quickly from difficulties; toughness
- The ability of a substance or object to spring back into shape; elasticity
Toughness and elasticity are good, somewhat oxymoronic, starting points when it comes to thinking about what cyber resilience really means for organisations, individuals, and governments. In many cases, the word ‘resilience’ feels overused in cybersecurity or at least contextually abstracted. Yet, in times of rapid change, what we really need now is resilience.
So, what do we mean when we talk about resilience? And what does it look like in practice? The Gurus asked collaborators, exhibitors and speakers who will be attending this year’s International Cyber Expo to weigh in.
The Advisory Council: What ‘Resilience’ Means to Those on the Front Line of Cyber Defence
Tarquin Folliss, Vice Chairman of SASIG and curator of the Global Cyber Summit agenda, said: “Resilience is a mindset—for organisations as much as for individuals. An organisation’s culture, its willingness to prepare and learn, its clarity when communicating both internally and externally, and its ability to recognise and embrace risk are all critical to developing resilience.”
This year’s International Cyber Expo Global Cyber Summit explores the overarching theme of ‘resilience’ in three key ways:
- Geopolitics, conflict, crime and disinformation: staying resilient in the face of the evolving (and changeable) political landscape.
- The international context of cybersecurity, our vulnerability to supply chain disruption, both digital and physical, and the impact of regulation.
- Emerging (and not so emerging) technologies and how they might help us and aid our adversaries.
Jessica Figueras, CEO of Pionen, noted: “It doesn’t matter what sector you operate in, or your size – unfortunately, it’s now clear that attackers won’t spare even hospitals, schools and charities. The prevalence of attacks and incidents has increased so sharply that most organisations need to plan on the basis of ‘when, not if’. That’s what cyber resilience is all about: surviving and recovering from an attack. Good cyber risk management and actively planning and rehearsing for an attack, all play their part here.”
Lisa Ventura, Founder of Cyber Security Unity, said: “Resilience in cyber security involves not only the prevention of breaches through strong security measures but also the capacity to minimise damage and restore operations swiftly when an incident occurs. It can mean having systems, processes, and policies in place that ensure the continuity of operations even in the face of potential disruptions. This can include regular backups, disaster recovery plans, and incident response teams capable of addressing threats in real-time.
For the cyber security industry resilience to me represents a strategic shift from purely defensive measures to a more adaptive and flexible approach to threat management. As cyber-attacks grow in complexity and frequency, industry players are increasingly focusing on developing technologies and frameworks that emphasise quick detection, response, and recovery.”
Resilience, The Cyber Landscape, and Organisations
Rob Demain, CEO of e2e-assure, who are Founding Partners of this year’s International Cyber Expo, noted how the shifting cyber landscape has made cyber resilience essential for organisations: “The cyber defence landscape has shifted from guaranteeing the prevention of cyber-attacks to minimising their impact. This is where ground-up cyber resilience is essential.”
“At the point at which an organisation is attacked, it’s arguably too late to do anything about it. A lot of traditional services function by responding to the actual encryption of ransomware events. By the time that’s happened, it’s too late to fix it.”
“By taking a holistic approach to cyber resilience, we look at optimising both prevention and response. Prevention involves integrating employees into the foundations of your frameworks and policies. Keeping your first line of defence as strong as possible.”
“But underpinning this with detection and response, which prioritises looking for the spark in malicious activity. We call this initial access techniques and is vital in minimising the impact of an attack and increasing resilience across all business types and industries.”
Building Resilient Workforce: Diversity and Wellbeing
Another key aspect of resilience in cybersecurity is the resilience of the workforce and making sure that the people within the industry are supported. From wellbeing guidance to diversity initiatives, the industry cannot truly be resilient if the people within it are not met with an environment to thrive.
On protecting the industry from the ongoing burnout crisis, Jasmine Eskenzi, CEO and Founder of wellbeing and productivity app The Zensory, notes: “As an industry, we have to protect our people. Cybersecurity professionals know too well the realities of an industry that never stops. From facing constant threats and working long hours to enduring immense pressure, while their dedication is commendable, the toll on their mental health is significant.”
Eskenzi continues, “To address this issue, organisations must prioritise work-life balance, provide mental health support, and foster a supportive work environment. By investing in their employees’ wellbeing, companies can ensure that cybersecurity professionals can effectively protect their businesses while maintaining their own mental health. This is a crucial step for resilience.”
Zensory is once again bringing The Cyber Wellbeing Corner to the International Cyber Expo. A first of its kind for cyber exhibitions globally in 2023, the space proved necessary and popular for cybersecurity professionals. Exhibitions are known to be overstimulating, and spaces such as these aim to give professionals the chance to recalibrate away from the busy show floor.
Kunjal Tanna, Co-Founder of LT Harper, adds: “As someone who’s spent years in cybersecurity recruitment, I’ve seen firsthand the challenges businesses face in staying resilient against cyber threats. It’s no longer just about stronger passwords or better firewalls – true resilience is about preparing for the unexpected, reacting swiftly, and emerging stronger.”
“Imagine your business as a ship navigating a sea of cyber threats. No matter how fortified your defences are, storms are inevitable. The real test isn’t in preventing every storm but in ensuring your ship stays afloat when one strikes. With the right crew and preparation, you might take on water, but you’ll keep moving forward.”
“That’s the key: resilience isn’t just about avoiding threats; it’s about how you respond. Do you have the right team to detect the threat, minimise damage, and get you back on course quickly? This is where we come in – finding not just tech-savvy individuals but people who think creatively, solve problems, and act decisively in a crisis”
“Smaller, focused communities, like ‘InClusive InCyber’ for women in cybersecurity, are instrumental in building this kind of resilience. Working in these tight-knit groups fosters deep collaboration, allows for the sharing of specialised knowledge, and encourages mentoring relationships that help individuals grow stronger together. It cultivates collective agility, enabling quicker responses to evolving threats. When you belong to a community like this, you’re not just part of a network; you’re part of a dynamic ecosystem of problem solvers who are better equipped to adapt and overcome challenges.”
“At our firm, we’re strong believers in diversity not just because it’s the right thing to do but because diverse teams are better at navigating challenges. They bring fresh perspectives and innovative solutions and can view problems from angles others might miss. In cybersecurity, this is invaluable. You want people who can outthink attackers, not just follow a playbook. Resilience comes from diversity and community, fostering adaptability, collaboration, and better problem-solving.”
LT Harper will bring their popular InClusive InCyber networking breakfast to the International Cyber Expo on day one of the show (24 September). The theme of the panel session will be risk-taking.
Resilience: A Final Word
Resilience is something we must strive towards as an industry, although it will take time. It enables professionals to adapt to rapidly evolving threats, bounce back from breaches, and maintain a strong security posture. A resilient cybersecurity team can effectively respond to challenges, minimise downtime, and protect sensitive data – but not at the expense of its people. It’s a tough but necessary balancing act.
—
The International Cyber Expo will be held on the 24th and 25th September 2024 at Olympia London. Registration is free and can be done here: International Cyber Expo 2024 Registration