Simply put, cyber resilience is a measure of how well an organization can operate its business during a data breach or cyber attack. Security teams have measures in place to detect and stop attacks, and they have recovery plans for the inevitable breach, but can they, along with IT, keep critical business processes such as order fulfillment, customer service, or accounting operating during a crisis?Not everyone has to be a security pro, but those in development or in other technical roles must understand security\u2019s importance to the larger organization. If they don\u2019t do their part to safeguard operations, breaches and attacks can demobilize an entire business.Take NotPetya, for example, which Rob Juncker, senior vice-president of product development at software provider Code42, says shut down \u201csupermarkets and ATMs all throughout the Ukraine.\u201d Or WannaCry, which he says left hospitals unable to access patient information. Just as \u201cthe biggest organizations fail and...go bankrupt because they've failed to innovate,\u201d Junker says a lack of security readiness has similar potential to bring a company down. When everyone understands the vital nature of security, devops is free to build buffers into the business that keep it resilient enough to survive.Understand the business to better protect itFor starters, Don Aliberti, head of information security for financial services group Nomura Holdings America, says, \u201cIf you want to protect the enterprise, protect the firm, you have to understand your firm.\u201d Take a good look at every company process that uses tech. Sure, code is being developed, but so are marketing campaigns. Maybe sales is in the middle of drafting an important proposal. Accounting is filing quarterly taxes while email and Slack send every message imaginable back and forth.If it has value and is happening on your systems, it needs to be protected. Determining value, Alberti says, requires \u201cunderstanding what are the main functions that keep the business going and what are the main risks to the business as far as availability, confidentiality, and integrity that potentially could hurt the business.\u201dApproach your backup systems with a business mindsetIf a malware attack meant development could no longer access their work, what would happen? Could the business keep going? With backups, maybe. They\u2019re not just there in case someone deletes something, after all. Ben Cabrera, CIO for Covanta, says backups are part of the environmental company\u2019s plan for dealing with ransomware: \u201cDisaster recovery and backups have become really important thing for us.\u201dIf hackers attack, he explains, \u201cWe just shut down that environment and move to the next environment, which is a warm backup. From a disaster recovery perspective, we can be back up and running within a relatively short period of time.\u201dThe trick to backups is to approach them with a business -- not just security -- mindset. In deciding whether to repair or ditch an infected system, Cabrera says, \u201cYou really have to make a decision in terms of what was compromised, what was damaged, and then -- at the same time -- what's the cost of information that's actually transpired since that point? If the breach was two months ago, for example, backing up to that point in time would be a loss of information and value to your business, right?\u201dLook beyond security for help building in resiliencyCabrera mentions data consultants can help with this work, but Aliberti disagrees. He says security teams hire outside consultants too often. These third parties, he explains, \u201clook at a specific application; they do an application assessment. They're looking at bits and pieces, but they never understand necessarily...the end-to-end business processes.\u201dYou know your data best, he continues, you know which \u201csystems...are most important, what is the downtime that you can afford to have, what is the data move, where does the data exist.\u201d Outside parties aren\u2019t in your company every day. The only way they understand your priorities is through you.That doesn\u2019t mean you shouldn\u2019t look beyond yourself for advice. Building resiliency across the entire organization takes everyone. Non-security colleagues may have better ideas than you think. Accounting, for example, knows about controls, and they understand the forensic process when something isn\u2019t right in the transaction logs. The people responsible for protecting a company\u2019s most valuable secrets will have ideas about mitigating the risk of that information getting out.Junker says, \u201cOur business used to be that everything we needed to run our business was within the four walls of our monitor. But right now, we've embraced cloud in so many different ways. We've embraced trading partners; we've embraced technologies that speed our innovation forward.\u201d Companies embrace new technologies because they help the business grow. Security, he says, is \u201coxygen.\u201d If your company wants to continue breathing, the entire body needs a contingency plan.Attacks will come, but with this plan in place, you can survive them. In 2014, Iranian hackers attacked Sands Casino. Aliberti says, \u201cThey took down all parts of their environment. It took quite a while for them to recover, but they were still able to get people booked into the hotels.\u201dYou have to keep critical operations going. Insuring the entire business is \u201ca broad attack surface,\u201d Aliberti says, but if you break operations into smaller pieces, you can manage it.