TALKING
‘‘ business
Business Continuity and business security used to be two distinct and siloed processes . However , the evolving threat landscape is a sign that organizations must change their mindset and follow a holistic approach by merging cybersecurity with Business Continuity and recovery plans .
In this context , it makes sense for security and Business Continuity teams to become more closely aligned , because it is only through their collective efforts that efficient recovery from a cyber incident will be possible .
Mapping out a joint response
Aden Axen , Cloud Services Manager at Somerville
One of the key drivers for this is the elevation of cyberattack risk as the most common ‘ disaster ’ type that organizations believe they will face and must plan for .
Business Continuity and recovery plans were traditionally used to get organizations and their systems up and running following natural disasters like a flood , fire or earthquake , but these kinds of risks now pale in comparison to that presented by the threat of cyberattacks .
Research by Allianz released earlier this year shows that : “ Cyber perils are [ now ] the biggest concern for companies globally in 2022 .”
Ultimately , the objective of a Business Continuity and recovery plan is to restore data as fast as possible , minimizing thus operations downtime and revenue loss . When everything else fails , it is Business Continuity and recovery planning that will save the day .
To develop a Business Continuity and recovery plan , organizations need to map out and understand the impact of system failures , how long they could function without key systems , what alternative methods and procedures they could use on a temporary or interim basis while regular systems are out of service , and what cost of lost productivity and revenue is sustainable .
“ The threat of ransomware attacks , data breaches or major IT outages worries companies even more than business and supply chain disruption , natural disasters or the COVID-19 pandemic ,” the insurer found .
The NIST Cybersecurity Framework and its five core functions offer some foundational guidance on how to bring business security and Business Continuity closer together :
To further illustrate the trend , 44 % of respondents worried about cyberattacks compared to 25 % who were concerned about the risk of being caught up in natural disasters .
Out of all cyberattack types , ransomware is seen as the most concerning or most likely to trigger Business Continuity processes . Even with backups to restore from , downtime caused by a ransomware infection can be prolonged ; on some estimates , the average recovery time is two-to-four weeks , and longer spells aren ’ t uncommon .
• Identify : Understanding your environment , what risks are associated , and how they relate with your business goals is crucial to building the required defenses for Business Continuity and recovery .
• Protect : This function answers the question ‘ What are the appropriate controls to implement to protect our assets ?’. Selecting the proper safeguards can help you contain or limit the impact of a breach .
• Detect : Time is an important factor when it comes to business recovery . The faster a cyber event is detected , the faster the repercussions can be mitigated .
www . intelligentcio . com INTELLIGENTCIO APAC 37