From Chaos to Clarity: Building Cyber Resilience ahead of APRA’s 2023 Priorities

Given the significant impact of recent data breaches, organisational leaders should be all too familiar with the chaos that can erupt in the wake of a cyber-attack. As the cyber-attack landscape continues to evolve, it’s imperative that organisations are prepared to respond effectively at all levels of the organisation.

To safeguard the interests of customers of APRA-regulated entities, the Australian Prudential Regulation Authority (APRA) has unveiled its policy and supervision priorities for 2023. Among these priorities is a sharp focus on cyber resilience, which will include heightened supervision of cyber resilience through detailed assessments and rigorous pursuit of breaches.

The move underscores APRA’s commitment to promoting robust cyber security practices across the Financial Services industry and emphasises the importance of cyber resilience in today’s digital age.

We’ve also seen the Australian government recently double down in its commitment to strengthen cybersecurity with the release of the 2023 – 2030 Australian Cyber Security Strategy Discussion Paper. The Federal Government is considering a significant reform of its cybersecurity strategy, which could take the form of a Cyber Security Act or an expansion of the existing Security of Critical Infrastructure Act.

Harnessing Business Agility to Improve Cyber Resilience

As the frequency and severity of cyber-attacks continue to rise, a new generation of leaders is harnessing the power of business agility to strengthen their cyber resilience. Business agility refers to a company’s ability to quickly adapt and respond to unexpected and fast-moving disruption.

By building a culture of agility, organisations can strengthen their resilience against any threat, including cyber.

One key factor in achieving business agility is empowering your people to confidently use their skills and connections to make quick, informed decisions. This involves a cultural shift within the organisation, as well as a transformation of how teams, third parties, policymakers, and even customers work together.

To start, it’s essential to establish context, capability and connectivity. Context involves gathering intelligence on the evolving threat landscape, markets, and society to make informed decisions. Capability refers to the skills of your people to analyze and respond to changes, while connectivity is crucial for a reliable flow of information and decision-making.

Building a culture of business agility is essential for achieving cyber resilience within an organisation. Leaders must prioritise training their teams to develop the skills and resilience muscle necessary to absorb and analyze critical context and respond quickly and effectively to cyber threats.

This requires a proactive approach to risk management and a commitment to ongoing training and development of people. By fostering a culture of resilience, organisations can enhance their ability to withstand cyber-attacks and quickly recover from any disruptions.

iluminr | Resilience Flywheel

 

Improving cyber resilience with iluminr

iluminr’s resilience platform offers financial services institutions a way to enhance their cyber resilience, taking them from wargaming to gameday response.

iluminr utilises immersive 15-minute Microsimulations to engage the entire organisation in bite-sized wargame scenarios that simulate disruptions and rapid change. By participating in these simulations, teams can pinpoint gaps in their cyber resilience program and develop the skills and knowledge needed to effectively respond to any incident, including cyber-attacks.

iluminr Microsimulations are accessible from any location and device, allowing participants to engage in these short games and build confidence in their ability to respond to live cyber incidents.

On gameday, when an incident does take place, iluminr can be used by teams to access threat intelligence, deploy communications, perform real-time strategic risk assessments, and activate dynamic playbooks for a guided response. Additionally, once the event (simulated or real) has ended, a timestamped report can be generated for regulatory and auditing requirements.

Helping financial institutions meet APRA’s 2023 cyber resilience priorities

iluminr’s resilience platform leverages a suite of AI-powered tools to help APRA-regulated entities build cyber resilience and comply with Prudential Standard CPS 234 Information Security, while also preparing themselves for upcoming federal government changes earmarked for late 2023 and beyond.

Here are some of the ways iluminr can help APRA-regulated entities build cyber resilience:

Training and Awareness: APRA-regulated customers are utilising iluminr Microsimulations at all organisational levels to ensure a consistent level of preparedness against cybersecurity threats, while continuously enhancing their incident response capabilities. Because these Microsimulations are short, they are deployed more frequently, leading to higher engagement levels among team members and better retention of knowledge regarding cyber resilience and how it applies across the organisation.

Review and test cyber response plans: iluminr’s bite-sized microsimulations have helped financial services customers to effectively test and review their cyber response playbooks against targeted cyber threats, such as data breaches and ransomware attacks. Through microsimulations, organisations can test their response procedures and assumptions simultaneously, while also potentially identifying gaps in outdated business impact analysis data.

Incident Management and Response: iluminr’s powerful resilience platform allows Financial Services Institutions to swiftly mobilise teams to respond to and recover from cybersecurity incidents. iluminr transforms information from facts and strategic impact assessments into actionable insights, presented in a single operating picture that facilitates coordinated and data-driven decision-making by teams and boards. Additionally, iluminr provides guided playbooks that enable organisations to respond quickly and efficiently to cybersecurity incidents.

Policy and Compliance Management: iluminr’s document repository enables clients to store important documents, such as business continuity plans, cyber response playbooks, and cyber security policies, in a central location. This repository can be accessed from any device and any location.

Improving Information Sharing: iluminr provides a secure and efficient way for financial services institutions to share information during and after a cyber security incident. Additionally, response actions are timestamped in iluminr and generated as a shareable report for post-incident reviews, and can also be submitted for auditing and compliance requirements.

Check out iluminr to discover how you can build cyber resilience across all levels of your organisation.

 

Author:
Michelle Doan
iluminr Director of Marketing
