By: TP Sharafudheen
Cybersecurity and business continuity are still largely separate silos, but given the widespread exposure created by the cyber super highway, there is a pressing need for firms to change their approaches in order to build business resilience.
A BC/DR plan, in our view, should be in place to get businesses and their respective technology infrastructures back up and running following an earthquake, flood, fire, hurricane, or a similar hazard. Due to the increasing frequency of cyberattacks, these teams are now also required to be on the front lines of managing cybersecurity events.
In the new situation, the duties of business continuity management and disaster recovery teams are clearly defined. Because of market recession or other challenging scenarios that have arisen, the BCM arm is more focused on the important, revenue-generating business sectors. The DR arm, on the other hand, is in charge of dealing with technology incidents, data loss, and general digital infrastructure disasters.
First and foremost, a continuous vulnerability testing methodology for technology must be implemented. When a cyber incident occurs, the BCM team notifies the DR team, and the DR team is then in charge of determining what exact vulnerability led to the breach, implementing measures to mitigate the impacts of the cyberattack, and documenting steps to prevent the attack from happening again, which includes data recovery and cyber forensics.
The world we live in today is rife with cyberattacks, with the business community being the most vulnerable. Organizations must protect themselves from cyberattacks by implementing proactive measures and maintaining robust firewall systems, but they must also be prepared to deal with hacking incidents if all else fails. If recovery plans and crisis communication tactics are documented ahead of time, less time will be spent resolving difficulties related to cyberattacks and more time will be spent restoring normal operations.
Business Resilience teams have the unique capability of maintaining a view of an entire organization, and they can advise an organization’s PR team on how to communicate hacking incidents to the public. With documented crisis communication plans in place for the recovery process, it is easier for an organization to manage public sentiment during a hacking incident.
However, the unprecedented trend towards digital transformation and the increasing reliance of organizations on IT for critical business functions and big, valuable data mean that cyberattacks are the most likely threat to business continuity. Cyber threats also tend to feed off crises, as we have seen with the Covid-19 pandemic, with cyber attackers attempting to capitalize on all the opportunities it has presented.
Organizations of all sizes are a potential target of cyberattacks as sources of information or potential means of access to larger organizations in the supply chain. The drive to digital transformation, mobile working, and cloud-based services is continually expanding the attack surface, further increasing the likelihood of attack.
As cyberattacks continue to increase in number and in their ability to cause significant damage to IT infrastructure, organizations must ensure that efforts to secure IT operations are closely aligned with efforts to maintain and restore IT operations in the event of a cyberattack. The focus should be on risk management, resilience to maintain system and data availability, recovery of systems if they go down, and contingency planning for varying degrees of IT failure, up to and including total IT failure.
In the digital era, the increasing reliance on IT and the increasingly destructive and disruptive impact of cyberattacks mean businesses need to adopt a new approach to business continuity planning and cybersecurity that centers around a much closer working relationship between the two.
An integrated approach, for example, means that instead of simply using disk mirroring technology to maintain up-to-date copies of data in geographically dispersed locations, business continuity and security teams will work together to protect data and connections against the most likely forms of cyber attack, as well as develop contingencies for maintaining and restoring backups that do not rely on the same IT infrastructure and will work even if there is a total IT infrastructure failure.
Cybersecurity and business continuity teams must collaborate across the whole business with a focus on recovery, including people, processes, and physical and virtual environments for operational technology (OT) as well as information technology (IT).
In general, it is important to understand where data resides, how it is protected, and how you can recover to a safe state. Make a policy to move to cloud infrastructure for better security and easy restart of virtual machines/services, but ensure there is a backup strategy if connectivity is lost or cloud service providers are unavailable.
There is a growing number of mitigating tools, techniques, processes, and architectures that organizations can deploy to reduce the impact of cyberattacks on business operations.
Organizations should aim to deploy those approaches that are mature and will have the most impact, starting with the most effective. These include business continuity planning, a zero-trust security model, offline and offsite backup, endpoint detection and response, privileged access management (PAM), and crisis communications procedures.
Next, keep an eye on existing deployments of distributed denial of service (DDoS) mitigation, security intelligence platforms, and automated threat sharing to assess their continued value and possible replacement. At the same time, pay attention to emerging winners with the highest potential impact, such as integration of BCM and cybersecurity teams, DevSecOps, ransomware mitigation, and workspace virtualization as strong candidates for adoption.
There are many reports published by different trustworthy agencies. All this information helps us understand the alarming degree of vulnerability in the cyber world. Here are some figures from those reports that give a deeper insight.
3.43% of cyber-attacks target small businesses. 64% of companies have experienced web-based attacks. 62% experienced phishing & social engineering attacks. 59% of companies experienced malicious code and botnets and 51% experienced denial of service attacks. The global average cost of a data breach is $3.9 million across SMBs.
For most businesses this sum is crippling – not only monetarily but in reputation. For public companies, the cost is much greater since more is at stake. On average a data breach at a publicly traded company would cost $116 million. Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes.
Organizations need to make a fundamental change in their approach to cybersecurity and reprioritize budgets to align with this newly defined reality of our modern society. It has been predicted that approximately $6 trillion will be spent globally on cybersecurity by 2021.
Cybersecurity is an important issue for both IT departments and C-level executives. However, security should be a concern for each employee in an organization, not only IT professionals and top managers. One effective way to educate employees on the importance of security is a cybersecurity policy that explains each person’s responsibilities for protecting IT systems and data. A cybersecurity policy sets the standards of behavior for activities such as the encryption of email attachments and restrictions on the use of social media.
Some stand-out regulations from recent years include the European Union’s 2018 General Data Protection Regulation (GDPR) and California’s 2020 Consumer Privacy Act (CCPA). Companies need to take note of lessons from the GDPR, as more iterations are expected to pass across the globe in the coming years.
When it comes to cybersecurity, not all industries are created equal. Industries that store valuable information like healthcare and finance are usually bigger targets for hackers who want to steal Social Security numbers, medical records and other personal data. But really, no one is safe because lower-risk industries are also targeted due to the perception that they’ll have fewer security measures in place.
The core essence of business continuity management philosophy is to build sufficient resilience into the business organization. Compared to any natural calamity, cyberattacks are the most frequent threat these days and will grow exponentially.