Cyber Resilience Requires Maturity, Persistence & Board Engagement

BLACK HAT MEA – Riyadh – Wednesday, Nov. 15 –  Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI.

In a fireside chat at the Black Hat Middle East and Africa conference in Riyadh, Saudi Arabia this week, Reem Alshammari, cybersecurity leader for the Women in Cyber Security Middle East group, said that while operations are becoming more digitized, cyber resilience must remain a part of that.

"In cybersecurity, we keep saying that it is not the matter of will we be attacked, it's a matter of when we will be attacked," she noted. So, it's imperative to ensure there is an ability to bounce back within all layers of the organization.

Hard Times Create Resilience

Alshammari's conversation partner, Abeer Khedr, CISO of the National Bank of Egypt, noted that the COVID-19 pandemic put resilience firmly in the limelight.

Khedr said that specifically, the move to remote working was a new variable that businesses were "globally suffering from that nobody was really accounting for."

That kicked off a broader conversation on weathering challenges, she said, so there is no better time than now to focus efforts on cyber resilience, particularly when presenting to CEOs.

"Cyber resiliency has to be owned at the top of the organization and the senior management level," she said, and added that it must be integrated as part of a company's operational strategy. "This is a journey of maturity, and for cyber resilience to work in my opinion, it has to be embedded inside an organization." 

She pointed to two roadmaps for achieving cyber resilience: one is Accenture's "State of Cybersecurity Resilience" report, and the other is BS 65000, which was developed by theBritish Standards Institution (BSI) as a code of practice for organizational resilience. The latter was revised last year from its 2014 original version, and provides businesses with guidance and recommendations in achieving resilience throughout their organization.

While these can be helpful to plot out one's direction and steps forward, Khedr said to remember that cyber resilience is not an achievement check box, and is not a journey that can be achieved overnight.