Businesses around the world face a growing threat of cyberattacks. Between 2020 and 2021, there was a 125% increase in cyberattacks, and more than 200 million records were breached in 2021. Small businesses are particularly vulnerable to cybercrime. A breach costs businesses $200,000 on average, with 60% of those businesses going out of business within six months of the incident.
Technical security is not enough
Many businesses make the mistake of focusing only on the technical aspects of cybersecurity to protect their systems. While preventing an attack is obviously preferable to being a victim, malicious actors continue to become more sophisticated, making it increasingly difficult to intercept every attack.
Companies must understand that attacks are always a possibility, but how one mitigates damage from them is key. Will you be able to recover and move forward or become one of the many who are forced to close their doors? Those in the former category are resilient. Cyber resilience is what keeps businesses running after an attack, and mastering it requires not just technical but soft skills.
In this blog you’ll learn:
● The difference between cybersecurity and cyber resilience
● The meaning of soft skills
● The soft skills organizations need for cyber resilience
Cybersecurity vs. cyber resilience
Understanding the differences between cybersecurity and cyber resilience and their role in mitigating attacks is key.
What is cybersecurity?
The United States Cybersecurity and Infrastructure Security Authority (CISA) defines cybersecurity as “the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information.” This is a somewhat narrowly focused discipline centered on the application of technology to prevent attacks. Within an organization, this work may involve only a limited group of people, such as a security team.
What is cyber resilience?
Cyber resilience is the ability to prevent, detect, respond to, recover from, and forensically assess cyberthreats and challenges.
If cybersecurity is narrowly focused, then cyber resilience is looking at the bigger picture of how an attack can affect an entire organization. Cyber resilience can involve multiple departments within a company, and often includes the following elements:
● Business continuity and disaster recovery (BCDR): The practice of BCDR broadens the established IT practice of disaster recovery to include measures to ensure that a company stays operational after a cyberattack or other malicious event.
● Incident management: These are the steps that an IT team takes to get service back to normal as quickly as possible after an outage or attack.
● Crisis management: This is the public relations piece of resilience where an organization manages emergency situations and how they affect stakeholders and customers.
● Risk management: This is the practice of identifying risks to an organization and their likelihood of occurring, in order to minimize the impact they might have on the business.
What are soft skills? How do they relate to cyber resilience?
First, let’s define hard skills. These are skills that can be taught, like writing or software coding. Soft skills, on the other hand, are gained through life and professional experiences. The US Chamber of Commerce expands the definition of soft skills, stating, “these traits can be defined by your attitude, motivation, adaptability and overall personality.”
So, how do any of these traits relate to cyber resilience? Consider an unexpected event like a security breach that results in a significant amount of downtime. Hard skills used in this situation would be software engineering, coding and investigating systems to fix the problem. Soft skills here would be the ability to effectively communicate what happened to customers, vendors and other stakeholders, and thinking about how to prevent similar occurrences from happening in the future.
Soft skills needed for cyber resilience
Here are the top soft skills that leading cyber-resilient organizations value:
Listening
Cybersecurity professionals who are used to working solely within their teams may not understand the larger ramifications of a breach or malicious incident on the wider organization or its customers. They also may not know who they will have to work with in the event of an organization-wide incident. They can gain this knowledge through active listening. This means paying attention to the speaker and then being able to accurately reflect back what they have said.
Knowledge sharing
Businesses are composed of many individuals who are working to achieve a common goal. But this goal cannot be achieved if not everyone has the information to do their jobs correctly. Knowledge sharing is the act of bringing personal or individual knowledge into organizational knowledge. This does not necessarily mean having verbal conversations with every employee, but resilient organizations have a centralized place (e.g., internal wiki) where important information can be shared. Individual contributors should be encouraged to review and add to these documents within their areas of expertise.
Communication
As the adage goes, “it’s not just what you say, it’s how you say it.” The same goes for the individuals attending to a cybersecurity incident. Technical team members need to be able to relay what happened and what they are doing about it to non-technical team members. The non-technical team needs to be able, in turn, to relay that information to the general public. Building communication skills requires team members of different disciplines to take the initiative to understand more about the work being done by their colleagues.
Negotiation and persuasion
Negotiation means coming to a shared understanding or agreement with another party who does not initially agree with you. Persuasion is the skill of convincing others to change their opinions on a subject. These combined skills are important for cyber resilience because there may be many differing opinions on how to mitigate a breach and communicate the situation to stakeholders. Not everyone will be right, but a skilled negotiator will be able to gather their thoughts, provide justifications and communicate clearly about their point of view.
Leadership and coaching
The range of people managing a cyber incident may go all the way from the C-suite to the most junior individual contributor. If a junior employee has vital information that can help mitigate the incident, they need to be empowered to speak up. It is the responsibility of senior staffers to empower junior employees to contribute to larger organizational initiatives. This can be done through regular coaching sessions.
Critical thinking and creativity
As the tactics of malicious actors change, how organizations deal with cyberattacks will also have to change. A crisis management solution that was successful a few years ago may not have the same result today. The soft skill of creativity requires an openness to try something new and to not be afraid if it does not work out. Developing this soft skill requires individuals to be attuned to the latest news in their industry and understand how to apply this knowledge to their work.
Flexibility
This is related to the soft skills of negotiation and persuasion. It is just as important to be willing to change your mind and accept that someone else may be right as it is to do the persuading. It is also important to be able to quickly change course if an initial plan is not working.
Collaboration and teamwork
As noted earlier, cyber resilience involves the work of an entire organization. Every individual must be willing to work with anyone else in the organization to resolve the incident.
Conclusion
As cyberattacks grow more sophisticated, with the potential of causing more damage than in years past, it is essential that organizations do all they can to minimize the impact of these events on their businesses. Thinking past the technical aspects of cybersecurity and transitioning to a system of cyber resilience will help them be prepared for whatever comes in the future.
Acronis Cyber Protect Cloud helps MSPs and businesses achieve cyber resilience. It is the only solution that natively integrates cybersecurity, data protection and management to protect endpoints, systems and data. With Acronis Cyber Protect Cloud, MSPs can protect their customers better with one integrated solution that keeps costs down. Try it today!
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.