The symbiotic relation between resilience and effective cybersecurity strategies proposes a kind of web that interlaces traditional risk management methodologies and more adaptive and tangible frameworks (P.E. Roege et al., 2017, 383).
The White House (2013) describes resilience as: “The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.”
Associating such adaptive concept to cybersecurity implies that risk management alone is not sufficient. It requires the flexibility of resilience to effectively challenge and prevail over cyberthreats. It also means that businesses need to safeguard multiple fronts at once to uphold the right to privacy. Raising awareness for cybersecurity manifests itself in the actual fissures of the playing field, while simultaneously shaping the behaviors of key actors.
“Information is one of the most dynamic of technology sectors; it is intimately tied to nearly all important functions and services” – Roege et al. 2017
A synergy takes place and ties together different worlds: natural, human, and cyber (Roege et al. 2017, 391). Indeed, cyber[security] – and therefore cybercrime – acts as an ecosystem with its own dynamics and structures. However, it does not exist independently from other worlds. Rather, it heavily relies on its natural and human counterparts. For example, in the occurrence of natural disasters – such as floods and hurricanes – human and natural security are on high alert, and all human efforts concentrate on the actual crisis. This allows for loopholes in the digital landscape as users are more distracted, less vigilant. Cybercriminals may take advantage of this disruptive opportunity to target human vulnerabilities. Essentially, cybersecurity does not exist in a vacuum, untouched by external worlds. Data regulations, information sharing, and surveillance impact cybersecurity as well as nature and humans. All three elements are in constant dialogue with one another (Roege et al., 392-393), and we have a responsibility, as professionals in the field, to work within this framework if we are to build more resilient strategies for cybersecurity.
Now, let us go back to our definition of resilience as per the Obama administration in 2013. Resilience implies preparedness, adaptation, resistance, and recovery. These concepts are not static. They affect workforce, and in turn, workforce shapes the way resilience is carried out (Roege et al., 400). Understanding that resilience is part of cybersecurity and that the latter requires resilience to prepare, adapt, withstand, and recover, it is undeniable that resilience includes information security awareness.
Information is one of the most dynamic of technology sectors; it is intimately tied to nearly all important functions and services, and it catalyzes individual innovation and effectiveness. […] It can be useful to conceptualize a digital world that operates distinctly, if in collaboration with the physical and human worlds. Given these factors, the cyber world would be a logical candidate for early adoption of resilience concepts (Roege et al., 410).
To this effect, the notion of raising awareness means to facilitate learning opportunities, a sort of give and take between actors, playing fields, and subject matter. Since resilience requires the cooperation between all three elements, we must recognize that it also calls for more learning, trying, failing, than trying some more. Until finally, learning opportunities have become the standards through which businesses and users operate. The workforce grows stronger, the business grows stronger, and the quality of cybersecurity follows suit.
Raising awareness is the actual playing field that drives resilience and information security and encourages learners and experts alike to participate in dialogue. Upholding a continuous learning environment, Information Security Awareness, emphasizes that an organization does not fear challenges and carries on despite the mishaps that might occur, and thus continues to prepare and learn. Raising awareness learns from risk management traditions, yet strives to adapt to an ever-changing technological landscape. And never forgets to move forward.
IRGC (2016). Resource Guide on Resilience. Lausanne: EPFL International Risk Governance Center. v29-07-2016
Roege, P.E. et al. “Bridging the Gap from Cyber Security to Resilience”, Resilience and Risk, I. Linkov, J.M. Palma Oliveira (eds). NATO Science for Peace and Security Series C: Environmental Security. Sprinter Science + Business Media B.V. 2017, pp. 383-414.