Why invest in a culture of security: Resilience
In this blog series we look at some of the potential outcomes an organisation can achieve by forming and managing a culture of security. We will discuss topics like resilience, adaptability, human detectors, efficiency, shadow IT, psychology, profitability and risk management, and for each of the topics we will share a recommendation. This is the first post in the series, and we are exploring resilience and its value to organisations.
Resilience is the ability to sustain and survive dramatic events and changes. Organisations that go through a critical cybersecurity incident experience high costs, production disruptions and brand degradation. The costs can be prohibitively large, and many companies fail to survive. The time to recover from an incident can be long, and employees, customers and suppliers experience stress.
Organisations that are prepared, and that have focused their security efforts on building resilience in their systems and organisations, are more likely to recover fast, thereby reducing costs, disruption and stress.
Employees are the key resource in most modern organisations. When employees experience a critical security incident at their employer, they will experience a wide variety of stress. They will be wondering about their job security, they will want to know how they will be able to continue to do their tasks, and they will want to know how the incident will impact their day-to-day priorities and tasks. Moreover, they are asking themselves if they could have done something to prevent this, or worse, if they caused the incident in the first place. The challenge for the employees, and the psychological impact an incident has on them, is often neglected in business continuity plans and incident management strategies.
The good news is that we can change this practice and prepare all employees for what happens when the incident hits, and for what will be expected from each employee when the normal communication tools, perhaps even the office, are no longer available to them. Resilient organisations focus on preparing the employees for the inevitable.
To build resilient organisations, Praxis recommends implementing a good, iterative process for forming and managing the culture of security throughout the organisation's employees, technology and processes. The Praxis Process is based on the extensive research and experience of the Praxis team. Using seven steps, organisations build resilience by understanding what both the organisation and its employees need in order to be ready to tackle a security incident.
The Praxis Process
The Praxis Process is a seven-step model used by organisations to reduce employee friction, improve security and manage risk. The steps are:
- Build a Baseline
- Define goals
- Identify and describe the gaps
- Select target audience
- Design interventions
- Deploy interventions
- Review and report
To learn more about the Praxis perspective on resilience, you can book your free 30-minute consultation with your Praxis subject matter expert here.