by Matthew Gardiner

Senior Product Marketing Manager

Posted Jan 23, 2018

What’s the difference between Cybersecurity and Cyber Resilience?

While the term “cybersecurity” is as old as the hills in the security world, the term “cyber resilience” has been gaining momentum. This is a good thing. Cybersecurity management is complex and always changing, and focusing on security alone simply isn’t enough – organizations need a more comprehensive strategy. You might ask: “Isn’t cyber resilience the same thing?” Absolutely not. A quick visit to thesaurus.com for synonyms for those core terms is a great place to start for some clues to their differences:

  • Security -> Defense, Guard, Precaution, Safeguard, Sanctuary, Shield
  • Resilient -> Buoyant, Supple, Elastic, Hardy, Plastic, Pliable, Quick to Recover, Rubbery, Springy

What jumps out at me is that “security” is a term which is focused on preventing bad things from happening, whereas “resilient” is about quickly getting back to “good” in the face of the inevitable impact of bad things.

These concepts translate perfectly to the world of IT security in general, and email security in particular. Organizations should focus on making their IT systems, such as their email, resilient to attacks rather than focusing purely on the goal of 100 percent preventive security.

Is 100 percent prevention even possible? Definitely not. Much like the human body, which is continuously riddled with bacteria and viruses, the goal is to feel and be well, not to prevent these microorganisms from getting in. We could all live in the equivalent of a semiconductor clean room, continuously taking anti-bacterial baths and pills, and eating only irradiated food, but that doesn’t sound very pleasant. The bodies of generally healthy people thrive through resilience, not prevention.

The best approach for IT security is a balanced, resilient one that encompasses threat prevention and adaptability to new types of threats, combined with built-in durability and fast recovery. This is the approach organizations should focus on for all business-critical IT systems, especially their most mission-critical business application: email.

According to research from Vanson Bourne, only 30 percent of organizations surveyed have adopted a cyber resilience strategy, and only one-third of those are in the early stages of development or planning. Too many organizations are leaving themselves exposed to the unknown – but it doesn’t have to be this way. By developing a more holistic approach, organizations can safeguard against email-borne cyberattacks, business disruption, data loss and human error.
