The Correlation Between Organizational Resilience and Cybersecurity Awareness Month

Patrick Sullivan
October 17, 2024 • 6 min read

Once again, October has arrived. Along with Halloween decorations and pumpkin lattes, October has been associated with cybersecurity ever since 2004, when the Department of Homeland Security and the National Cybersecurity Alliance designated it Cybersecurity Awareness Month.

As a “seasoned” cybersecurity professional, I’ve seen many of these campaigns pass with little change, and this year’s theme, “Secure Our World,” is the same as last year, emphasizing the need to focus on the basics and the top four ways to stay safe online: use strong passwords and a password manager, turn on multi-factor authentication, recognize and report phishing, and update software.

These tenets focus on individual behaviors. However, from the perspective of a company in the cybersecurity industry with an industry-leading product in the information technology risk management (ITRM) space, I’d like to take a broader, more holistic look at how organizations can create a business environment that ensures that members of its community internalize and reinforce these behaviors, always putting security first simply because that’s what is done across the entire organization as a matter of course. Managing risk should be an ongoing initiative reinforced through the practice of solid cybersecurity principles at the top levels of an organization, cyber hygiene on the individual level, and technologies supporting and enabling secure practices.

It’s a sensible goal—but when you look at the number of incidents or breaches that show up in the news that are often caused by nothing more than an errant click on a phishing email—it can seem unreachable.

However, I would argue that this goal isn’t unreachable at all—and that organizations don’t need to be cybersecurity companies to achieve it. One of the principles that senior leadership teams of any organization need to keep in mind when evaluating their business’ information technology needs going forward is organizational resilience.

But what is organizational resilience—and why does it matter?

Organizations that build resilience principles into how they manage not only risk but other difficult-to-control variables such as budget constraints, market demand, supply chain fluctuations, and more, are able to perform better when problems eventually occur—as opposed to organizations that are not designed to be resilient and where a system failure or product misstep can cause a series of rippling failures from which it’s challenging to recover.

In research titled Outlook for Organizational Resilience, 2023, Gartner® defines organizational resilience as “the ability of an organization to resist, absorb, recover and adapt to business disruption in an ever-changing and increasingly complex environment to enable it to deliver its objectives and rebound and prosper.”*

When striving to achieve organizational resilience, businesses should focus on creating systems and processes that can bounce back from disruptions—because disruptions are a given. The best, most resilient businesses not only recognize the inescapable exposure to vulnerabilities inherent across many variables outside of their control but anticipate their inevitability—and become stronger as a result of implementing controls to address them. If we compare organizational resilience to the discipline of ITRM, it would be easy to see how the two concepts are intertwined.

Xacta® is an ITRM platform built specifically to manage complex security control catalogs and frameworks such as NIST 800-53, NIST 800-171, FedRAMP, and many others. Such frameworks are designed to encourage and continually reinforce an ongoing, clearly defined, proactive approach to organizational cyber risk. This concept dovetails neatly with the idea of organizational resilience, since organizational objectives are so dependent on the safe and dependable operation of IT systems.

Organizations that do not strive to become resilient, however, are often vulnerable to catastrophic outcomes when a breach or outage inevitably occurs. Incidents this year, such as the Change Healthcare, CDK Global, and Ascension ransomware attacks, make us painfully aware of the devastating impact of a vulnerable system. Without proactive controls to prevent and detect incidents, and without a real backup plan to recover systems that often (in hindsight) have glaring security gaps, organizations with a responsive-only approach to risk will have difficulty getting their business and reputation back to where they were before the breach.

One of the reasons that Cybersecurity Awareness Month has always resonated here at Telos® is because it reflects the proactive approach to security that is part of Xacta’s origin story. Yes, the work of adhering to the stringent requirements of security regulations is never truly done—and, for an organization aspiring to become resilient in all facets of its business, it never should be.

Through automation, Xacta makes the ongoing day-to-day work and the pursuit of continuous compliance easier while providing ITRM teams with a holistic and forward-looking perspective on both risk and the potential for risk across the organization. That’s because Xacta’s capabilities go far beyond merely ticking off boxes to show compliance; instead, ITRM staff can leverage Xacta to operationalize security objectives efficiently. Capabilities such as continuous compliance, automated remediation, dynamic mapping of controls, and more are what make Xacta perfectly suited as the centralized cyber risk management platform for the enterprise, helping to not only drive forward but also continually reinforce both the principles of risk management and the pragmatic, day-to-day work of evaluating and remediating risk across systems.

As per the Key Issue Take-away stated by Gartner in the Outlook for Organizational Resilience research mentioned above, “Organizational resilience is a strategic imperative that is an all-of-enterprise initiative, and organizations that employ the principles of resilience outperform those that do not.”*

I’m proud to be associated with Xacta’s strong history as the platform of record for some of the world’s most security-conscious organizations. And I believe Xacta is part of the key to the resilience of these organizations in the midst of constantly shifting threats and constant technological change.

*Gartner, Outlook for Organizational Resilience, 2023, By Michael Aldridge, Belinda Wilson, Ron Blair, 21 September 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Patrick Sullivan
Vice President—Xacta Solutions & Services, Telos Corporation
Mr. Sullivan holds an MS, BS, and AAS in Information Systems and CISSP, CEH, and CHFI certifications.