It's a familiar refrain: it's not a question of whether your organisation is going to be attacked, but when. Recent events have shown this time and again.
Does this mean we should be fatalistic? Not at all! There are many techniques for preventing, withstanding and recovering from a cyber security incident. This is what we call cyber resilience.
All organisations can achieve this resilience and respond more effectively to cyber threats. This journey involves three fundamental stages: governance, a business continuity plan and the introduction of immutable backups.
1. Governance. Organisations need to implement basic measures to reduce the risks associated with cyber threats such as ransomware or leaks of sensitive data. These requirements are formalised at European level in the NIS2 directive, which imposes cybersecurity obligations on the majority of medium and large companies. In Belgium, these principles are concretely implemented through the CyberFundamentals Framework of the Centre for Cybersecurity Belgium, a structuring tool allowing any organization - even the smallest - to assess its maturity in the face of risks and guide its compliance efforts.
2. Business continuity plan. An attack is always possible. In this case, you need to have a plan to enable you to take the right actions at the right times. The business continuity plan lists all the steps you need to take to get your business back up and running as quickly as possible. This action plan is essential to cover all the organisational, human, physical and technological aspects.
3. The introduction of read-only backups. Once the attack is under control, you need to restart your systems. This is made possible by prior backups, hosted in a secure IT environment.
There is also a fourth, equally important stage: finding the right partner. NRB is your ally in building your line of defence with end-to-end services in all areas of security: governance, detection, identification, protection, response and recovery.
Lorenzo Bernardi, Head of Security Services at NRB, and Vincent Ceriani, Head of Cyber Risk Services, will be covering all the key aspects of cyber resilience in a webinar dedicated to this important subject, in French (on 25 November) and English (on 1 December), between 11 a.m. and 11.45 a.m.
