Practical tips for business owners to build cyber resilience

Jakarta (ANTARA) - Cybersecurity practitioner and Deputy Head of the Master IT Programme at Swiss German University, Dr. Ir. Charles Halim, has shared practical tips for business owners to ensure their businesses possess cyber resilience even before experiencing a cyber attack.

These practical tips involve business owners proactively implementing key pillars in their digitally transforming businesses to achieve optimal cyber resilience.

“There are five pillars. They consist of detection, identify, protect, then recovery and response. These pillars teach or prioritise that security systems should no longer be prepared reactively, but proactively,” said Charles during a discussion attended in Jakarta on Monday.

The meaning of these pillars is that they must be implemented proactively and not reactively, meaning all pillars are prepared before the business experiences a cyber attack, thus serving as part of prevention.

These pillars are also explained in the latest report by Indosat Ooredoo Hutchison (IOH) titled “Business-Based Cyber Resilience Strategic Framework”.

The report details the role of each pillar mentioned by Charles in the order: Identify, Protect, Detect, Response, and Recover.

Starting with Identify, in this pillar, business owners must begin by separating matters important to cybersecurity. Ensure critical assets, data, systems, personnel, and third parties that will provide cybersecurity services.

This pillar provides the foundation to ensure priorities and investments are appropriately directed to maintain cyber resilience systems.

Next, there is the Protect pillar, in this pillar, business owners must establish safeguards, including determining who can access important assets, preparing workforce training, and setting up resilience engineering.

This pillar is actually based on the question of how business owners can prevent cyber attacks in their digital systems.

Then there is the Detect pillar, in this pillar, business owners must diligently explore their systems to anticipate cyber incidents. Methods that can be done include continuous monitoring, detecting anomalies, and hunting cyber threats.

The hope is that when this pillar is implemented, if a cyber attack occurs, the time needed to handle it will not be too long because vulnerabilities are already known.

In the fifth pillar, there is Recover. This pillar is intended so that business owners can ensure their services can resume after experiencing a cyber attack. They must also strengthen their system resilience and integrate lessons learned after the attack.

This pillar is hoped to provide continuous improvement in cybersecurity systems and better safeguard the systems used in the business.

To complement these five pillars, Charles mentioned a sixth pillar called governance. Through this governance pillar, the five existing pillars are integrated so that everything becomes structured and easy to implement when a cyber incident occurs.

“We should not face this (cyber incident) by trial and error; it must be with good governance and structured management. This management and structure must be carefully considered through governance,” said Charles.

The same report reveals that 89 percent of companies in Indonesia have not yet achieved cyber resilience even as digital transformation continues in existing businesses.

Although digital transformation is progressing rapidly, many business organisations have not yet achieved cyber resilience to effectively respond to potential cyber incidents. The report states that business digitalisation growth has outpaced cyber resilience.

Even though the ICT market in Indonesia is projected to grow at a CAGR of 14.4 percent by 2025, only 11 percent are ready. In fact, 54 percent of companies implementing digitalisation still struggle to manage cybersecurity.