Resiliency is not just for large organizations. SMBs should incorporate resiliency principles as a means of reducing risk. As a community, we continuously hear that all companies are experiencing a rise in the threats and attacks they face and that new, evolving threats are out there waiting to strike. I don’t believe in fear-mongering; however, keeping this sense of urgency in mind, I think it’s essential for the security managers of SMBs to understand what resiliency looks like, how it can fit into their security program’s strategic plan, and how it will change an SMB’s security budget. As the security manager and company start to contemplate what processes may require resiliency, don’t forget that it is also important to include methods for measuring high levels of resiliency. The end goal is to effectively blend resiliency into critical business operations and develop metrics that the SMB’s security manager can use to measure what level of resiliency equates to measurable business value, justifying the expenditure of security department resources.

The dictionary definition of resilience is the “capacity to recover quickly from difficulties.” In cybersecurity, the definition of resiliency is focused on how organizations recover from an incident that incorporates multiple domains such as cybersecurity, business continuity, disaster recovery, and organizational operations. The objective of cyber resiliency is for the SMB to be able to adapt and continue delivering services to its customers while the event is ongoing and being addressed by its security manager and team. Additionally, the business operations domain should include processes to restore standard business services after the incident occurs.