We’re delighted to report that Rebecca, our fantastic Operations Manager, completed the Arctic Challenge and returned home safely earlier this month. Becky described her experience as ‘truly cleansing for the soul’.
As we shared some of her final preparation in the countdown before she set off for the Arctic Circle, we couldn’t help but notice the many synergies between undertaking a huge test of personal resilience, and resilience in the context of today’s cyber landscape.
Our favourite definition of resilience is how well you bounce back.
Resilience is born out of enduring and surviving difficult experiences, but when it comes to cyber security, we advise against waiting until things have gone wrong to find out just how resilient your organisation is in response to an attack or breach.
The secret to building resilience is to leave no stone unturned. Just as Rebecca’s preparation for the Arctic Challenge involved time, effort, commitment, support from others, balanced nutrition, physical training and good mental wellbeing, developing cyber resilience as a business requires a holistic approach, too.
Planning
We chatted to Becky about the amount of planning and organisation that went into the Arctic Challenge, from the moment she signed up – and even beyond the moment she landed back in the UK. Since registering for the fundraising challenge, Becky’s faced major disruption caused by Covid-19 including multiple delays impacting the dates of the event itself. On top of this, she enforced a number of her own restrictions to avoid catching the virus in the final run up to the challenge. A Navy veteran herself and now married to a serving member of the Navy, Becky also had to factor into her planning and preparation the possibility that her husband would be deployed on an urgent mission.
“There’s always been the potential for further disruption. Our connection to the military increases the likelihood of a spanner being thrown in the works! In recent weeks, I’ve been creating a backup plan on top of the backup plan – to ensure my challenge would go ahead, and to ensure everything ticked along while I was away.”
Fantastic planning plays a large part in ensuring cyber resilience. Scenario planning and systems testing is not only critical to protecting yourself in the event of a breach or cyber security incident, it’s an ongoing requirement that must respond to continuously changing digital environments and threat landscapes. Do you have a backup plan on top of your backup plan? Have you anticipated potential disruption sufficiently to feel confident that business operations would continue after impact?
Don’t forget to factor in how your function might perform under the stress of a breach or attack in the event another external influence is at play. A backup on top of the backup plan will be absolutely crucial in the event your experts are distracted or unavailable due to circumstances we can’t predict.
Revisiting the plan
We joked with Becky about how fitting all her necessary kit into one rucksack was a challenge in itself, aside from spending a week moving through deep snow without much opportunity for rest. In those weeks leading up to the start of the Arctic Challenge, checking and double checking her kit list, and testing everything worked, was imperative.
If you’re heading up a cyber security function, this is exactly when heightened attention to detail comes in handy. Not only would Becky struggle if just one of her essential items was missing, she also needed a practical and efficient strategy for repacking the rucksack – a strategy that would be easy to execute in the toughest of conditions.
Staying up to date with the latest information and revisiting the plan are things any proactive cyber security function would find themselves doing. And while these tasks may sound simple, allocating sufficient time and effort to ensure thoroughness is often where organisations fall down – especially smaller businesses without devoted cyber security resources.
Becky knew from the get-go that emotional resilience would prove itself even more important than physical strength when it came to the crunch. Having a plan, and knowing it inside and out enables you to act calmly and avoid mistakes when crisis hits and rational thinking can’t be relied on.
Role play-based scenario training is a very effective way to build ‘muscle memory’ and strengthen your human and network defences against cyber attacks.
Core motivators
Whether you’re committing to complete an Arctic Challenge, or whether you’re devising an effective cyber security strategy, you’re not just doing it for one reason alone.
In Becky’s case, multiple sources of motivation kept her moving towards the finish line – even when she couldn’t see five metres ahead because of heavy snow. The list of reasons that made it worthwhile putting in every last ounce of effort grew as time went on, too.
Have you stopped to uncover your team and your organisation’s core motivators for developing and delivering against a proactive risk management and cyber security strategy?
Have a guess who this list belongs to…
We discussed Becky’s reasons for taking the Arctic Challenge and investing herself fully in training and preparation. Here’s the shortlist:
- Raising funds for a good cause
- Personal challenge
- Don’t want to let the group down
- Don’t want to miss out
And how about yours? It might look something like this:
- Contributing towards growing profits
- Developing professional skills and getting recognised for doing a good job
- Don’t want to let your team, your customers, your partners, your investors down (the list goes on!)
- Don’t want to miss out on future opportunities due to damaged reputation
Recovery
What’s in your recovery plan? It’s never just a case of it being over when it’s over. Surviving an Arctic Challenge or a security incident involves just as much post-event TLC as it does prior training. “I’ve been preparing for the exhaustion with extra sessions in the gym to maintain my core strength. The rumours are true – it’s really boosted my energy levels!”
Valuing a practice like yoga would enable Becky to take a step back in moments when there was a risk that what was affecting her, was also affecting those around her. And while yoga wasn’t in her arsenal before she decided to test her survival abilities in freezing conditions, it’s something she plans to maintain long after the challenge is finished.
No one heads back inside after spending three nights in the Arctic unscathed – and in fact, the fall out after a cyber attack or security breach is much more likely to leave lasting scars.
In both examples, we can agree that our idea of a risk or a challenge is never quite reflected in reality. And after such a huge effort invested in preparing for this event, planning for the come down was particularly important. Becky is now in full support mode as her husband and brother-in-law embark on a different endurance challenge.
Becky rattled off a list of eight powerful questions that she’d been asking herself as she took on this challenge. We think it’s so relevant, we’re sharing it here for anyone to take advantage of. Why not include it in your next scenario planning session?
- Will I stay focused?
- Will I hold responsibility?
- Will I retain my sense of humour?
- How will it push me?
- How can I remain positive?
- What will I learn from it?
- How can I make sure I come out as a better person?
- How can I apply this experience in my work?
Undertaking a major test of your resilience provides new perspective and creates a benchmark for every future challenge you’ll face. Who’s ready to hit the cyber gym?