![robert frazer robert frazer](https://image.pmgstatic.com/cache/resized/w468/files/images/film/photos/158/688/158688990_4fc801.jpg)
What really happens inside companies during a serious cyber attack - and what they learn from the experience - remains largely hidden from the public eye. Resilience is important, because it helps companies deal with disruptions they can’t fully prevent or predict. In practical terms, the purpose of resilience means minimising the impact of an attack, and expediting organisational recovery. Resilience is an organisation’s ability to anticipate, withstand, recover and learn from cyber attacks. The purpose of cyber security is to prevent cyber attacks while protecting confidentiality, integrity, and availability of systems and data. In addition, companies need to focus on building resilience.Ĭybersecurity and resilience are two distinct concepts, and understanding their differences is important in managing an organisation that not only survives but thrives in today’s digital age. Therefore, investing in cyber security isn’t enough. Most serious attacks occur because attackers spend weeks finding ways into corporate networks through perfectly normal business transactions and companies often have real difficulties detecting the intrusion. Many of the most serious cyber attacks occur not because an employee clicked on a malicious link in a spam email - although this does happen. If those companies cannot completely prevent cyber attacks, how can anyone? The short answer is: no one can. Even the largest and technologically most advanced companies - such as Apple, Google, Facebook, Yahoo, JPMorgan Chase or even the US military - have suffered from cyber attack. Spending on cyber security increases every year, but serious attacks keep succeeding. Evidence of that inability to prevent cyber attack fully is all around us. RecommendedĬompanies that have fallen victim to a serious cyber attack come to understand that cyber attacks can’t be prevented. In our digital age, the danger from cyber attack is greater than ever before. What used to be a conversation among computer nerds decades ago is now one of the most pressing organisational and societal challenges. The World Economic Forum continues to list cyber security risk as one of the most likely and impactful enterprise risks. According to a study from London Business School, cyber risk has tripled since 2013. The threat from cyber attack has become a major risk to profitability and business success. Two weeks later on May 30, a similar cyber attack hit the world’s largest meat producer, JBS meat, paralysing its beef and pork slaughterhouses. Just days later on May 13, a cyber attack crippled most hospitals in Ireland, causing substantial cancellations to outpatient services. On May 7, cyber criminals attacked the US pipeline operator Colonial Pipeline, a major artery that supplies almost half the oil to the US East Coast, leading to gasoline shortages and long queues at petrol stations. Over a three-week period in May 2021, the world witnessed three high-profile cyber attacks. The Economist describes the current state of cyber security as a ransomware pandemic. Devastating cyber attacks happen all the time and any company can fall victim. Robert’s remarks seem to describe an experience with an exceptionally bad cyber attack, but there was nothing unique about it. I hope that our incident can be a wake-up call not just for our company but for everyone who has anything to do with technology, which I presume is every company in the world.” Yet, I argue that it was a very important wake-up call. Robert went on to say: “This cyber attack was a very significant wake-up call for a global company like us - and also a very expensive one. We had to reinstall our entire IT infrastructure - more than 4,000 servers, 50,000 computers, 3,000 applications.” “A call came from the office that we had suffered a serious cyber attack, which brought our business to a complete standstill. It was early in the morning when I was woken up at 4am,” said Robert Frazer, chair of a large, international enterprise. The Cybersecurity Wake-Up Call Building resilience in the digital age BY MANUEL HEPFER Edited excerpts from the book proposals of the three finalists for the 2021 Bracken Bower Prize, backed by the Financial Times and McKinsey.