How does one build a truly cyber-resilient business?

How does one build a truly cyber-resilient business?

The end-goal of almost any exercise pertaining to cybersecurity and crisis management is one – being able to build a truly cyber-resilient business. If you get this one strategy right, everything else automatically falls into place. 

Therefore, when Cyber Management Alliance got together some of the Middle East’s best minds in the domain to its bi-annual Dubai Wisdom of Crowds, it was only natural that we picked at their brains about this extremely straight-forward but super critical question. 

Here’s what the experts had to say: 

• Haider Pasha, Senior Director & CSO, Palo Alto Networks, “Cyber resilience, as the name suggests, is our ability to get back on our feet once we’ve been hit by a cyber-attack or a cyber incident. The best way to do this is to build a plan around it is to focus on making sure you have the right strategy, you have the right level of executive sponsorship, including the CEO all the way down. Build clear organisation levels in terms of understanding the organisational culture in terms of cybersecurity, understand the organisational governance that has been put into place, then focus on processes, focus on policies and then focus on the technology. In my opinion, it should always be the last thing you look at, after getting all the other layers right.”
  
  

• Moussa Arab, Senior Broadcast & IT Network Security, Government of Dubai, “In today’s world, what is happening is that we always need to take into account the fact that operations services do not think about the information that is transmitting over the network or the technology used; they think more about business continuity. The main focus for me would be to have a proper business continuity plan and based on this plan.”
  
  
• Solayman Refae, Group CIO, Webcor, “First we have to understand the crown jewel of the business and we have to start by protecting the crown jewel. Define the supply chain and go by the risk management and define what’s most important – that’s the best relationship between the CISO and the top management.”
  
  
• Barakat Alkindi, Director, Digital Transformation, Abu Dhabi Police, “There are a lot of aspects – automation, integration, having internal capabilities, training your people and focussing on different threats and how to report those threats – all of this can help to get resilience.”
• Manas Sarkar, DGM & Business Head, Managed Security Services, “A lot of businesses today and a few years ago as well, used to talk about how IT is a business enabler. But in certain types of businesses, IT is actually a business driver. If you don’t have the right IT strategy, you’re out of business. And IT without security, is a disaster. For example, when employees are being allowed BYOD at work, it gives them flexibility but at the same time, the challenge is if you don’t have the right BYOD policy and security in place, then BYOD is equivalent to ‘bring your own disaster’. IT has to be agile because all CIOs and CISOs are wearing two hats together. They are business leaders as well as technology leaders. There has to be a sync between the two. In security, there has to be a sync in every layer otherwise it can be disaster.

• Mina Gerguis, Manager, IT, Automech Group, “That’s one of the questions, I’m still seeking an answer to. That’s why I’m attending such conferences and events; to work out what are my options to get the best solutions that can fit with my organisation.” 

Subscribe to the Cyber Management Alliance YouTube channel for more insights and interviews from leading cybersecurity executives across the world: https://www.youtube.com/channel/UCm-r7aanAKPc8bu-FqaTVyw