Only 31% of UK companies had conducted a cyber-risk assessment and only 15% of them had formal plans to manage cybersecurity incidents. *
Cyberattacks continue to increase and become more sophisticated every year, especially with the advent of AI. Since the launch of ChatGPT in 2022, phishing attacks in the form of malicious emails have risen by 4,151%**. Businesses must adapt their cyber resilience standards to withstand these attacks.
Conor O’Neill shares his knowledge and expertise with businesses and HR departments on how to improve their cyber resilience by 2025.
What is cyber resilience? Why is it important?
Cyber resilience includes all aspects of cybersecurity, including defence and response. Both complement each other and form a solid foundation to combat cyber attacks, both in preventative measures and reactive ones.
Cyber resilience is the sum of all aspects of cyber security, including the ability to monitor, prevent, respond and react, and contain an attack. It provides a more comprehensive protection against new threats while empowering organizations to manage potential network risks effectively and efficiently.
Here’s a list of ways you can increase cyber resilience among your employees:
Training staff
According to the Government’s Cybersecurity Breaches Survey 2023***, only 17% of businesses train their employees in cybersecurity.
It is important to educate employees about cybersecurity, and not just the IT department. This will increase cyber resilience throughout your company. Employees must understand their role in risk management, incident response and planning. This will improve the overall security posture of your organisation.
Research shows that despite the increasing use of AI in cyber attacks, human error is still the biggest threat ****. Your workforce should be trained on phishing, two-factor authentication and password hygiene. These topics will help to secure the fundamental defence of your organisation.
Businesses should make it a priority to provide cybersecurity training for their staff, and keep the programme updated as the threat landscape changes. Staff cybersecurity training should be conducted at least once per year. Smaller training sessions can then be offered as needed. Employee education is a key component of any business’s cyber defence. This is especially true when it comes to cyber resilience.
Self-assessment
Self-monitoring is a key element in ensuring that your cyber defence system is up to date. AI’s ability to scan and monitor your network continuously and alert you to potential threats is one of the biggest benefits of the recent increase in its use.
This continuous aspect is crucial. For large companies with extensive data, systems that provide real-time insights into the threat landscape are essential to achieving full visibility.
Businesses should also regularly test their cyber resilience and response by simulating attacks. This allows companies to assess a variety of factors, such as the response time for incidents, employee participation and success with phishing traps. After assessing the effectiveness of these simulated attacks, companies can evaluate their progress and determine which aspects of their security setup need to be improved.
Incident response training
It’s important to identify, monitor and analyse potential threats. But the way you respond to them is equally crucial. For a business to be truly resilient in the face of cyber threats, it must have an effective incident response plan.
As part of the plan, employees are given the knowledge and tools to deal with an incident. Businesses often choose to simulate and conduct drills in order to put employees under pressure. These scenarios will simulate a real attack (i.e.
Communication is the most important part of a plan for incident response. A clear and concise communication line is essential. To save time, employees must be able to identify who they should report an incident to and how best to do so.
Cyber resilience is not about preventing, but rather responding. It is important to educate the workforce in order to develop a comprehensive incident response plan. This will allow staff to report any threats efficiently and effectively, so that they can be contained to the maximum extent possible before responding, minimising the risk of potential exploitation.
The original version of this article Cyber resilience at work: How to increase cyber resilience appeared first on HR News.