Page 72 - Cyber Defense eMagazine Annual RSA Edition for 2024
The National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce also has many recommendations for fostering cyber resilience in an organisation. The NIST Cybersecurity Framework 2.0 presents six core functions, designed to organise cybersecurity outcomes at their highest level:
Govern: Ensure your organisation’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored. This includes understanding and assessing specific cybersecurity needs and implementing continuous oversight and checkpoints.

Identify: Account for and understand all current cybersecurity risks to your organisation. Find and document the main processes and assets that are essential for daily operations, all computers and software your organisation uses, what information is gathered and where it’s stored, and possible threats and weaknesses.

Protect: Employ safeguards to manage your organisation’s cybersecurity risks. This could incorporate a range of simple steps, from managing user access to resources and providing employees with cybersecurity training to the use of endpoint security products and data encryption.

Detect: Make sure possible cybersecurity attacks and compromises are found and analysed. Implement procedures for detecting indicators of a cybersecurity incident both on the network and in the physical environment. If an attack is detected, your organisation should work quickly to understand the impact and alert authorised staff and tools.

Respond: Take swift action following a cybersecurity incident. Once an incident is declared, execute your response plan, taking care to ensure that everyone knows their responsibilities. Analyse what has taken place, determine the root cause and prioritise the most pressing issues. While containing and eradicating an incident, safely collect relevant data to inform future response plans.

Recover: Ensure all assets and operations affected by a cybersecurity incident are restored. After an attack, clarify who, within and outside your organisation, has recovery responsibilities before beginning recovery efforts. Ensure all affected systems and services are operational, double-checking all work before resuming regular operations. It’s crucial to communicate with internal and external stakeholders throughout this process, carefully recording relevant information and lessons learned.
As with all digital transformation projects, it will take time to put the various policy and technological conditions in place to start building up your organisation’s cyber resilience and building a cyber resilience culture from within.

However, it’s crucial you get a move on today: start having conversations with your IT team and look to partners with experience in fostering cyber resilience within organisations.

In a hyperconnected world where digital disruptions can range from minor inconveniences to catastrophic breaches, cyber resilience is the strategic armour that ensures an organisation’s ability to not just survive but thrive in the digital landscape.