Resilience Redefined: Insights from Cybersecurity Expert Rosa Kariger

The word resilience is used quite a bit in relation to cybersecurity, ransomware, and other threats. But what does it really mean for an organization?

In our latest episode of Resilience Uncompromised, Sanjay Mirchandani , CEO of Commvault, engages in a compelling conversation with Rosa Kariger , a leading cybersecurity expert and former Chief Information Security Officer (CISO). The discussion delves into the critical aspects of cyber resilience and the broader concept of organizational resilience.

Among the highlights:

1. Rosa’s background: Rosa shares her extensive experience in the industry, highlighting her 25-year tenure at her company, where she started in industrial engineering and evolved into a global CISO role. She emphasizes her journey through various risk management domains, ultimately specializing in cybersecurity.
2. Defining resilience: Rosa prefers the term “resilience” over “cyber resilience,” stressing that resilience encompasses the ability of an organization to withstand any major risk disruption while maintaining its core purpose. She argues that resilience goes beyond protecting IT infrastructure and focuses on the continuity of essential services and business operations.
3. Misconceptions about cyber resilience: A common misconception is that cyber resilience is solely about disaster recovery and IT backup. Rosa points out that true resilience involves having a Plan B for business continuity while IT infrastructure is being restored.
4. Building a resilient culture: Organizations should distribute cybersecurity responsibilitiesacross all technical and operational teams, and not keep them centralized within a cybersecurity function. Rosa advocates for clear roles and responsibilities, proper training, and accountability for cybersecurity at all levels.
5. Risk management and preparedness: Cybersecurity should be integrated into overall risk management processes. Rosa emphasizes the importance of preparedness and having contingency plans for complete loss of connectivity or other critical failures.
6. Advice for non-technical leaders: Leaders must understand the risks associated with digitizing their business and manage these risks effectively. Rosa advises that leaders should not shy away from understanding cybersecurity risks, even if they are not technical experts.
7. Continuous business: The concept of continuous business is discussed, highlighting the need for organizations to remain operational in a connected world. Sanjay and Rosa agree that resilience in today’s volatile environment requires a mindset shift toward protecting essential business processes and maintaining continuity despite disruptions.

This episode provides valuable insights into the importance of resilience in the face of cyber threats and the need for a holistic approach to risk management and preparedness. Rosa’s expertise and practical advice offer a roadmap for organizations aiming to build a resilient and secure future. What strategies has your organization implemented to enhance cyber resilience? Share your thoughts and experiences with us in the comments.