Lets have a look at the words Resilience & Security in Cyber
Security –> Defense, Guard, Preventive, Protect, Shield
Resilience-> Buoyant, Supple, Elastic, Quick to Recover, Rubbery, Springy
Cyber Security is a proactive approach towards building our wall of defense against cyber threats.
Why Security & Resilience ?
In terms of the point of effect, we can categorize threats into two:
- Threats that are intended to gain access to your confidential data (eg. confidential data theft)
- Threats that are intended take down your service or systems (eg. Randsomware, DDOS attack)
Once your data has been compromised, having resilience is a matter of dispute or uncertainty. Considering situation mentioned latter, Resilience comes into focus.
Siting an example, a situation where your company network is compromised, servers are encrypted by randsomware attack. Your security infrastructure failed to prevent the threat. Provided you have had a regular backup plan, or a paper copies enough to reconstruct data, your business may still recover back to normal operations.
In this example, the plans in place of having a backup data, or retaining data in papers, was part of strategies that increased your resilience in this situation (Resilience Strategy in Cyber Incidents)
Importance of correlating Resilence to Security
While talking about Cyber Security vs Cyber Resilience, Cyber Security is more about your defensive mechanisms or rather than to prevent an attack. BUT, we can never make our systems 100% secure / protected from attacks. We need to think of Cyber Resilience. Here we ask ourselves – what if we cannot prevent an attack? How can we ensure our systems do not go down? How can we bounce back to normal?
Even then you may not prevent or recover from 100% situations, the goal is to find a balance between prevention and adaptability.