The New Cyber Security Buzz Word is Resilience
The Harvard Business Review ran a piece back in July 2024 on the future of computer security,
https://hbr.org/2024/07/when-cyberattacks-are-inevitable-focus-on-cyber-resilience
Well written (imo) in straightforward language, the gist is:
What is cyber resiliency? And why is it different than cyber protection?
A prevention mindset means doing all you can to keep the bad guys out. A resilience mindset adds a layer: while you do all you can to prevent an attack, you also work with the expectation that they still might break through your defenses and invest heavily preparing to respond and recover when the worst happens. Resilient organizations specifically devote significant resources to drawing up plans for what they will do if an attack happens, designing processes to execute them when the time comes, and practicing how to put these plans into action. Prevention is critical - but it's not enough.
[...]
Yet in my work as a researcher in conversation with chief information security officers and other cyber experts, I have noticed that many leaders focus most, if not all, of their security resources on prevention and leave recovery to business continuity plans that aren't usually designed with cyber incidents in mind. Instead, leaders need to embrace a mindset of cyber-resilience.
The HBR readership is (I believe) tilted toward C-class executives, so this may well filter down into IT departments. Anyone here seen any signs of a push toward "resilience" recently?
Paywalled? Try https://archive.is/CSFA3
Read more of this story at SoylentNews.