Robustness vs Resilience in Cybersecurity
Our cybersecurity architectures need to be resilient, not robust.
Let’s understand this with an example:
Egyptian pyramids are robust.
They have stood the test of time for thousands of years.
But they're not resilient. If you blow one up with dynamite, it will explode.
On the other hand, a coral reef is resilient. If you break off a part of it, it regenerates itself.
Similarly, in cybersecurity, we need to have the mindset of resilience, recovery, and recuperation.
This would also ensure that we shift from an architecture of needs to an architecture of possibilities so that it doesn’t impede business growth.
Because if you make it hard for business leaders to do their job and earn revenue, they won’t comply, and all your security programs will be out the window.
So you need to design the architecture to balance the need for speed of innovation with the security controls you want to put in place.
And there is no single playbook on how to do that.
What works for a digital agency might not work for a healthcare company that must comply with GDPR and HIPAA regulations.
So a good security architecture must be:
- resilient
- growth-oriented
- industry-specific
Website: https://securityscorecard.com
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.