Cyber Resilience — Technology Wiki

Overview

Direct Answer

Cyber resilience is an organisation's capacity to maintain critical business functions and deliver intended outcomes during and after adverse cyber events. It extends beyond prevention to encompass detection, containment, recovery, and adaptation, treating security as a continuous operational capability rather than a static defence.

How It Works

Resilient systems employ layered detection mechanisms to identify threats early, maintain isolated recovery points and redundant infrastructure to limit damage scope, and establish incident response playbooks that enable rapid containment and restoration. Organisations continuously monitor system behaviour, stress-test recovery procedures, and iterate security controls based on threat intelligence and post-incident analysis.

Why It Matters

Cyber incidents inevitably occur; resilience minimises business interruption, reduces financial loss from downtime, and preserves customer trust. Regulatory frameworks increasingly mandate demonstration of recovery capabilities, whilst competitive pressure demands that organisations sustain operations through attacks that competitors cannot withstand.

Common Applications

Financial institutions maintain redundant data centres and real-time transaction recovery systems. Healthcare providers implement backup diagnostic systems and patient record accessibility during ransomware incidents. Critical infrastructure operators design systems that degrade gracefully rather than fail catastrophically.

Key Considerations

Resilience requires sustained investment in testing and training that competitors may defer, creating cost pressure. Organisations must balance recovery speed against data integrity, as faster recovery can inadvertently propagate compromised states across restored systems.

Related in Offensive Security

Cybersecurity

The practice of protecting systems, networks, and programs from digital attacks, unauthorised access, and data breaches.

Threat Intelligence

Evidence-based knowledge about existing or emerging threats to an organisation's digital assets and infrastructure.

Vulnerability Assessment

The process of identifying, quantifying, and prioritising security vulnerabilities in systems and applications.

Penetration Testing

A simulated cyberattack against a system to evaluate the security of its defences and identify exploitable vulnerabilities.

Red Team

A group of security professionals who simulate real-world attacks to test an organisation's defensive capabilities.

Blue Team

A group of security professionals who defend against both real attackers and simulated attacks from red teams.

Purple Team

A collaborative security approach combining red team attack knowledge with blue team defensive capabilities.

Intrusion Prevention System

A network security technology that examines network traffic to detect and prevent vulnerability exploits.

Ransomware

Malicious software that encrypts a victim's files and demands payment for the decryption key.

Malware

Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems.

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information.

Spear Phishing

A targeted phishing attack directed at specific individuals or organisations using personalised deceptive content.

More in Cybersecurity

Certificate Authority

Network Security

An entity that issues digital certificates, verifying the identity of organisations and encrypting communications.

Cross-Site Scripting

Offensive Security

A web security vulnerability allowing attackers to inject malicious scripts into web pages viewed by other users.

Extended Detection and Response

Defensive Security

A unified security platform that integrates data from endpoints, networks, cloud workloads, and email to provide holistic threat detection, investigation, and automated response.

End-to-End Encryption

Data Protection

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

Data Loss Prevention

Data Protection

Technology and processes that prevent sensitive data from being lost, misused, or accessed by unauthorised users.

DevSecOps

Security Governance

An approach integrating security practices within the DevOps process, making security a shared responsibility.

Phishing-Resistant Authentication

Identity & Access

Authentication methods such as FIDO2 passkeys and hardware security keys that are immune to phishing attacks because credentials are cryptographically bound to the legitimate service.

Attack Surface Management

Offensive Security

The continuous discovery, inventory, classification, and monitoring of all external-facing digital assets to identify and reduce an organisation's exposure to cyber threats.