Resilience is defined by Merriam-Webster as “an ability to recover from or adjust easily to misfortune or change.”
Resilience is a core principle of cybersecurity.
The National Institute of Standards and Technology defines cyber resilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”
Anticipating misfortune. Noticing a problem and acting before it gets bigger. In cybersecurity, this is why we encourage people to keep their systems current and patched. On average, it takes five to 15 minutes to patch a Windows computer, but occasionally it takes an hour or so. On average, it takes one to two hours to patch an application server, but occasionally it takes 8 to 10 hours. By comparison, recovering from a cyber attack takes approximately 22 days on average, or sometimes a few months.
Withstanding misfortune. Even with patching, we can’t prevent all the bad things that can happen in cybersecurity. In 2023, there was an estimated $12.5 billion of loss due to cybercrime. Recently, cybersecurity company CrowdStrike deployed an automated patch worldwide that had not been tested properly in live environments. According to research done by Parametrix, the CrowdStrike outage caused a total loss of $5.4 billion. Research suggested that companies that were less affected had multiple methods of dealing with the risks. Don’t put all of your eggs in one basket. In cybersecurity, we call this defense in depth.
To be more cyber resilient, patch your electronic devices and use multiple methods of security.