Jun 30 2025

What Does Cyber Resilience Mean in the E&U Industry?

Energy and utilities companies are at greater risk than most industries, and their security depends heavily on cyber resilience.

Across industries, cyber resilience refers to an organization’s ability to withstand, adapt to and recover from cyberthreats and incidents. Since the energy and utilities sector bears the great responsibility of powering operational technology and Internet of Things systems across cities and networks, the stakes are even higher for continuous cyber recovery. IBM defines cyber recovery as “the process of increasing your organization’s cyber resilience or ability to restore access to and functionality of critical IT systems and data in the event of a cyberattack.”

No industry is at greater risk of cyberattacks than the E&U sector. The industry draws the most attacks, according to Reuters. In fact, U.S. utilities organizations combated an average of 69 cyberattacks per week in 2024, more than any other industry.

For E&U organizations, data breaches have become inevitable, with cybersecurity experts advising the industry to take a “when, not if” approach.

Why Cyber Resilience Must Be a Continuous Effort in E&U

If E&U organizations are to remain secure in an increasingly volatile threat landscape, they can’t afford to slack off.

“Resilience should not be viewed as a series of one-off or intermittent projects,” notes KPMG. “Rather, it should be an adaptive strategy that complements the organization’s cybersecurity agenda, protects customer interests, aligns with business objectives and focuses on delivering long-term value.”

No organization will ever technically be done with cyber resilience. It’s achieved and maintained only through continuous effort.

Three Pillars of Cyber Resilience in Energy & Utilities

According to experts, successful cyber resilience consists of three main pillars: backup technology, business continuity and incident response planning. Here’s a closer look at each.

Pillar 1: Backup Technology

When a cyber incident happens, backup technology can mean the difference between a brief disruption and an extended crisis. Microgrid, uninterruptible power supply and energy storage system technologies can be pivotal to maintaining power in the face of attacks. Data backup and recovery software solutions such as those from Dell Technologies are essential too, helping protect against ransomware by restoring systems when attackers encrypt or destroy critical operational or customer data.

Of course, these technologies don’t just help combat cyberattacks. They help organizations navigate any incident, including extreme weather impacts and overwhelming electricity loads. Forty-eight percent of Americans report an increase in power outages in their area over the past few years, and they expect power to be restored in record time.

Pillar 2: Business Continuity

Business continuity is about maintaining critical operations during and after any disruption. It also requires that teams have backup strategies in place so that business operations continue running as usual.

Failure to do this can prove costly. SolarWinds notes that the energy industry incurs one of the steepest downtime costs at $2.48 million per hour — more than double the cost of downtime in retail and about four times the cost of downtime in healthcare. And unlike technical outages that usually last a few hours, a break in power due to natural disasters can last days or even weeks.

But with the right strategy, organizations can mitigate and avoid downtime even in the most adverse circumstances.

Pillar 3: Incident Response Planning

Incident response focuses on detecting, containing and recovering from cyberattacks. It doesn’t need to be as overwhelming as it sounds. Establishing a clear and practical incident response plan, followed by tabletop exercises to ensure team members understand the plan, can go a long way — and is something companies often forget.

“Many organizations rush to purchase new technology solutions without first understanding the gaps in their existing efforts,” CDW experts explain. “IT leaders should take the time to develop a security strategy that assesses the risks facing their organizations and then design controls to remediate deficiencies.”

John Hendly, Coalfire’s vice president of offensive security and the former head of strategy for IBM X-Force, writes in a blog for the Austin Chamber of Commerce that IT leaders should “accept that breaches are inevitable and set up methods for rapid response; speed is the biggest key to limiting the blast radius. It’s critical to deploy predictive and forward-looking technology while preparing for a nimble response when — not if — a breach occurs.”
