Importance of cyber resilience
Cyber resilience has become an industry buzzword since it has significant implications for the security strategy of the enterprise. The concept of cyber resilience is different from cyber security: cyber security refers to the processes and methods which are used by corporations to protect electronic data, whereas cyber resilience refers to the ability to withstand or recover from adverse cyber events which disrupt usual business operations. Organisations should focus on linking their cyber security policies with resilience protocols, which increases their ability to withstand adverse cyber incidents (Harrop and Matteson, 2015). In order to establish effective cyber resilience policies, enterprises are required to comply with various principles. With the increasing risk of cyber-crimes against corporations, the relevance of implementing appropriate policies which are focused on protecting them from cyber-attacks has increased substantially. In this report, the importance of cyber resilience will be discussed along with the key principles which corporations should follow while integrating cyber security and resilience protocols. This report will provide recommendations to ANZ Banking Group Limited, which is included in the ASX 200 list, regarding how the company can integrate its cyber security with resilience protocols. Various examples of companies will be evaluated in order to understand the best practices regarding cyber resilience policies.
The number of attacks on the cyber infrastructure of corporations has increased considerably in the past few years. As per a study by PwC, there has been the biggest increase in cyber-attacks in over ten years, and cyber-attacks increased by more than 38 percent in 2015 (Schmitz, 2016). This increase shows that the importance of improving cyber security measures has increased, along with the importance of establishing effective cyber resilience policies. By implementing cyber resilience policies, corporations can ensure that they are updated to protect themselves from recent cyber-attacks and sustain their growth even in an adverse cyber environment. The perspective of cyber resilience is continuously evolving, and it is gaining recognition among enterprises, which are giving priority to implementing cyber resilience policies in the organisation. In 2013, Barack Obama issued ‘Presidential Policy Directive PPD-21’ in which he defined “resilience” as the ability of corporations to prepare themselves for changing conditions in the industry and withstand such changes by recovering rapidly from disruptions. This concept was promoted by governmental organisations because it assists in making corporations competent enough to address cyber security issues (Davis, 2015).
The number of cyber-attacks such as distributed denial of service (DDoS), malware, ransomware, cyber fraud, phishing, and others is increasing continuously, due to which organisations have to take appropriate measures to ensure that their data is protected from violation (Ferdinand, 2015). ANZ Banking Group Limited is the third largest major Australian banking organisation, and it operates in the banking and financial services industry. The company has faced a serious DDoS attack due to which its functions were stopped. The electronic trade outage which was reported by the organisation was actually a DDoS attack by hackers who targeted the bank to collect its private data while shutting its services down (Lee, 2012). In order to address these issues, ANZ Banking Group Limited has implemented a major cyber defence overhaul which uses advanced analytics in order to reinforce the cyber defences of the company. The corporation has enlisted software which was developed by the United States government along with support from the open source community in order to recognise potential breaches (Crozier, 2018). Thus, the importance of cyber resilience has increased substantially in the past few decades, due to which most corporations are adopting this concept to ensure that they keep striving even in an adverse cyber environment.
Principles to integrate cyber security and resilience protocols
Most corporations want to implement cyber resilience policies; however, they face difficulties in integrating their cyber security infrastructure with resilience protocols. In order to address this issue, the following are the principles which corporations should comply with.
The involvement of the board is the first key principle since it is important to decide who is responsible for cyber resilience policies. The board should be responsible for the promotion of cyber resilience policies in the organisation. If the board members want, they can delegate their responsibility to a committee which is established in order to promote cyber resilience policies in the company. The bottom line is that the responsibilities should be clearly established by the board members (World Economic Forum, 2017).
The board should get the command of the subject by collecting all the relevant data regarding the implementation of these policies. The board should collect information regarding the threats and other trends which they face while implementing cyber resilience policies. The board of directors can get external assistance from experts in order to ensure that they are updated with the changes in the corporation.
The board should appoint a corporate officer who will be accountable for promoting cyber resilience policies by reporting to the board regarding the capabilities of the firm and managing the progress. The corporate officer should have appropriate authority and experience to deal with these matters (Joiner, 2017).
The business strategy of the company should be integrated with the cyber resilience protocols in order to ensure that they work together to achieve the goals of the corporation. The cyber risk management program of the company should be wide, and sufficient budgeting and resource allocation should be made by the board to ensure that cyber resilience policies are promoted in the organisation (World Economic Forum, 2017).
The board should clearly define the risk appetite or risk tolerance ability of the company towards current and future cyber threats. Effective assessment of the risk facing abilities of a company enables it to avoid the current and future cyber threats by taking appropriate security measures.
The assessment of the risks and threats associated with the cyber security of the company is also necessary to promote cyber resilience policies in the company. The board should encourage the corporate officers to provide continuous reports regarding the progress of cyber resilience policies to ensure that they are updated as per the requirements (Arghandeh et al., 2016).
Based on the reporting and assessment of the policies, resilience plans must be implemented with the support of the management and the corporate officer who is accountable. The officer who is in charge should monitor the performance of cyber resilience policies in order to form future plans which address the current and future cyber risks which can adversely affect the organisation (World Economic Forum, 2017).
The board members should encourage other stakeholders of the corporation to collaborate in the process of implementation and reporting of cyber resilience policies in order to ensure systemic cyber resilience.
An independent and formal review should be done in order to evaluate the key factors which affect the overall operations of the cyber resilience policies and their influence on the enterprise.
Best practices for cyber resilience policies
The board should conduct periodical reviews of the performance of cyber resilience policies to ensure their effectiveness as per changing trends in the industry. The board can also collect external advice from experts while evaluating the effectiveness of cyber resilience policies to ensure that they protect the company from cyber-attacks and increase its risk tolerance ability.
Apple is an American corporation which is one of the biggest enterprises in terms of revenue across the globe. It operates in computer hardware, software, digital distribution, consumer electronics, and other related industries. The company has faced many cyber-attacks which adversely affected the profitability and image of the corporation. A good example is the leak of iCloud photos in 2014 in which more than 500 private photos of celebrities were leaked by cyber criminals (Reed, 2014). In order to avoid these issues, Apple continuously improves its products and services to ensure that they are protected from cyber-attacks. The board of the company is involved in the process of cyber security, and it takes appropriate measures to promote cyber resilience in the organisation. For example, the company has recently introduced a cyber risk management program, an approach which combines integrated technology, services, and enhanced cyber insurance and which assists the company in becoming more resilient. The company has entered into a deal with Allianz to improve its cyber insurance policies to ensure that the company is able to effectively manage its cyber risks which are associated with malware-related threats and ransomware (Apple, 2018).
Netflix is an American corporation which offers its services across the globe. The company operates in the entertainment industry, and it offers online streaming services to its customers. Since the entire operations of the company are online based, it has to take appropriate measures to ensure its cyber security. The company has faced many cyber-attacks in which cyber criminals leaked episodes of its original series, which negatively affected the profitability of the company (Vijayan, 2017). Furthermore, cyber criminals also use DDoS attacks to disrupt the operations of the company and stop its services. The corporation has made cyber resilience its priority, and it focuses on addressing its issues by finding unique ways. For example, the corporation has started developing its own security products which are focused on responding to the unique cyber risks which the corporation faces (Hall, 2017). The company uses the cloud services of Amazon Web Services, and it collaborates with them to ensure that the online data of the company is secured from cyber breaches. The corporation complies with the principle of collaboration with other stakeholders in order to promote its cyber security. Furthermore, the CEO of the company, Reed Hastings, has been continuously involved in the process of forming cyber resilience policies to ensure that the company is able to sustain its growth even after facing adverse cyber threats (Hall, 2017). Moreover, the company leverages IT process automation in order to protect the key information of the company from cyber-attacks.
ANZ Banking Group Limited has already suffered from cyber-attacks which are focused on adversely affecting the market position of the company. The corporation is required to improve its cyber resilience policies in order to ensure that it is protected from major cyber-attacks which could adversely affect the company and its financial position in the industry. Following are various recommendations for ANZ Banking Group Limited in order to establish effective cyber resilience policies in the organisation.
Firstly, ANZ is required to ensure that its board of directors is involved in the process of implementing cyber resilience policies in the organisation. The board should either involve themselves in the procedure or delegate their duties to a committee which is formed in the company to promote and implement cyber resilience policies. Due to the involvement of the board members, the corporation can ensure that the corporate officers who are accountable for enacting these policies are appropriately accountable for providing reports regarding the effectiveness of resilience protocols.
Since ANZ Banking Group Limited offers banking and finance related services to its customers, it should ensure that the cyber resilience policies are integrated with the business strategy of the organisation. The corporation has to ensure that it connects its business goals with the objectives of cyber security so that they work together to promote cyber resilience in the company.
An improved cyber resilience infrastructure starts with preparation for cyber-attacks. ANZ Banking Group Limited has already started prioritising its cyber security in order to ensure that the corporation is prepared for the adverse cyber environment. Security leaders in the corporation should work towards building repeatable and consistent workflows in order to mitigate the key cyber security issues.
It is important for ANZ Banking Group Limited to establish a plan for incident response while ensuring that the workflows and plans are optimised. The company already uses an open source platform which is critical for the corporation since it enables its stakeholders to contribute to the security infrastructure of the enterprise. Through collaboration between processes, people and technology, the company can improve the incident response system, which is crucial for identifying the key cyber threats faced by the enterprise and which assists in promoting cyber resilience policies.
Cyber insurance is a key part of cyber resilience policies since it enables the corporation to effectively address the threats faced by it and stay strong even in the adverse cyber environment (DiMase et al., 2015). By getting an effective cyber insurance policy, the company can avoid key risks since it can protect itself financially even after facing a cyber-attack.
ANZ Banking Group Limited collects and stores large datasets of information regarding the company and its customers. Cyber criminals focus on collecting this data by hacking into the servers of the company. By implementing an effective backup system, the company can ensure that its crucial data is protected even after facing a cyber-attack.
After implementing cyber resilience policies, ANZ Banking Group Limited should continuously assess those policies to determine their effectiveness. By continuously reporting on the cyber resilience policies and improvements in such policies, the corporation can determine the key changes which are required in those policies to protect the data of customers (World Economic Forum, 2017). Continuous improvement in these policies is also necessary to ensure that the enterprise keeps its cyber resilience policies updated with the changing cyber environment.
Conclusion
In conclusion, the concept of cyber resilience is gaining significant popularity among organisations since it enables them to strive and thrive even after facing cyber-attacks. The importance of cyber resilience policies in corporations is continuously increasing as the risk of cyber-attack is becoming more prominent. The objective of cyber resilience policies is to ensure that the company is able to protect itself from cyber-attacks and continue to grow even after facing them. There are various principles which companies can comply with in order to integrate the cyber security infrastructure with resilience protocols, such as involvement of the board, continuous reporting, effective measures, and others. The examples of Apple and Netflix are discussed, which are two of the biggest enterprises that have effectively established cyber resilience policies. In the case of ANZ Banking Group Limited, various recommendations are given to assist the company in establishing cyber resilience policies, such as involvement of board members, backup systems, cyber insurance, continuous reporting and prioritising the planning process. These factors will make the company more resilient, which will assist it in sustaining its future growth.
References
Apple. (2018) Cisco, Apple, Aon, Allianz introduce a first in cyber risk management. [Online] Available at: https://www.apple.com/in/newsroom/2018/02/cisco-apple-aon-allianz-introduce-a-first-in-cyber-risk-management/ [Accessed on 7/9/18].
Arghandeh, R., von Meier, A., Mehrmanesh, L. and Mili, L. (2016) On the definition of cyber-physical resilience in power systems. Renewable and Sustainable Energy Reviews, 58, pp.1060-1069.
Crozier, R. (2018) ANZ Banking Group reveals major cyber defence overhaul. [Online] Available at: https://www.itnews.com.au/news/anz-banking-group-reveals-major-cyber-defence-overhaul-499304 [Accessed on 7/9/18].
Davis, A. (2015) Building cyber-resilience into supply chains. Technology Innovation Management Review, 5(4).
DiMase, D., Collier, Z.A., Heffner, K. and Linkov, I. (2015) Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), pp.291-300.
Ferdinand, J. (2015) Building organisational cyber resilience: A strategic knowledge-based view of cyber security management. Journal of business continuity & emergency planning, 9(2), pp.185-195.
Hall, G. (2017) Why Netflix is developing its own cybersecurity products. [Online] Available at: https://www.bizjournals.com/sanjose/news/2017/12/13/netflix-develops-own-cybersecurity-products.html [Accessed on 7/9/18].
Harrop, W. and Matteson, A. (2015) Cyber resilience: A review of critical national infrastructure and cyber-security protection measures applied in the UK and USA. Current and Emerging Trends in Cyber Operations, pp. 149-166.
Joiner, K.F. (2017) How Australia can catch up to US cyber resilience by understanding that cyber survivability test and evaluation drives defense investment. Information Security Journal: A Global Perspective, 26(2), pp.74-84.
Lee, M. (2012) ANZ E*Trade outage actually DDoS attack. [Online] Available at: https://www.zdnet.com/article/anz-etrade-outage-actually-ddos-attack/ [Accessed on 7/9/18].
Reed, B. (2014) Apple provides key new details on the massive iCloud hack of nude celebrity pics. [Online] Available at: https://bgr.com/2014/09/02/apple-icloud-nude-celebrity-pictures-hack/ [Accessed on 7/9/18].
Schmitz, A. (2016) PwC Study: Biggest Increase in Cyberattacks in Over 10 Years. [Online] Available at: https://news.sap.com/2016/01/pwc-study-biggest-increase-in-cyberattacks-in-over-10-years/ [Accessed on 7/9/18].
Vijayan, J. (2017) Netflix Incident a Sign of Increase in Cyber Extortion Campaigns. [Online] Available at: https://www.darkreading.com/attacks-breaches/netflix-incident-a-sign-of-increase-in-cyber-extortion-campaigns/d/d-id/1328794 [Accessed on 7/9/18].
World Economic Forum. (2017) Advancing Cyber Resilience: Principles and Tools for Boards. [PDF] Available at: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 7/9/18].