By Resolver Modified February 7, 2021
*Guest post by Terry Lampropoulos*
Imagine arriving at work only to find out that none of your systems are working due to a cyberattack on your entire company. You might find it hard to believe but your organization’s Business Continuity Management (BCM) and Disaster Recovery (DR) teams are the main support structures in these situations.
Traditionally, a BC/DR plan is in place to get businesses and their respective technological infrastructures up and running after a flood, fire, hurricane, or other hazard-like event occurs. Now these teams are on the front lines of managing cybersecurity incidents.
While there is overlap between how both teams help an organization’s overall business resilience efforts, there are some distinctions between the two. The BCM arm is more focused on critical business areas that are revenue generating. The DR arm is responsible for understanding the implications of an incident on an organization’s technology and overall infrastructure.
When a cyber incident occurs, the BCM team relays relevant information about the event to the DR team and the DR team is then responsible for understanding what specific vulnerability led to the hack, executing the procedures to remediate the effects of the cyberattack, and document steps to prevent the attack from occurring again.
Managing through a cyber event, recovering a business, and regaining normal operations requires a lot of planning. In addition to documenting critical business functions, regular testing needs to occur to ensure disaster recovery groups are ready to manage these kinds of incidents. Your BCM and DR specialists will ask a lot of questions in order to try and figure out the critical applications you need when a disaster occurs, what the recovery time of these applications should look like, and also help you determine proactive workarounds to make sure that your organization can still function in the worst-case scenario.
While getting up and running is crucial for business operations, it is just as important to effectively communicate with internal and external stakeholders during a cyber event. Think about large multinational organizations that experienced well-publicized breaches in their servers over the past few years. In many cases, the public disclosure of the hacking incident came well after the hack occurred.
Unfortunately for these organizations, they experienced significant reputational damage after the fact even though they did not want this kind of incident to occur. Business Resilience teams have the unique capability of maintaining a view of an entire organization and they can advise an organization’s PR team on how to communicate hacking incidents to the public. By having documented crisis communications plans during the recovery process, it is easier for an organization to manage the public sentiments of an organization during a hacking incident.
The world we live in today is filled with cyberattacks that are well documented in the media. Organizations need to protect themselves from cyberattacks by building and maintaining resilient firewall systems, but you always need to be prepared to manage hacking incidents when everything else fails. By proactively documenting recovery plans and crisis communication strategies, less time will be spent trying to solve issues associated with cyberattacks and more time will be spent returning to normal operations.
Terry Lampropoulos is a Professor of Risk Management at Seneca College in Toronto, Canada. In addition to this, he holds the Canadian Risk Management (CRM) designation offered through the Risk and Insurance Management Society and the Associate Business Continuity Professional (ABCP) designation offered through the Disaster Recovery Institute.