By now, we’re all familiar with how the Covid-19 pandemic has disrupted business as usual. Closed offices, remote workers, distribution cycles out of whack, massive lay-offs, and an unclear future. In short, we’ve seen a break in business continuity.
That term – business continuity – is rarely brought up, but it’s a fitting linguistic lens through which to view the state of industry. Business continuity means maintaining critical business functions during any crisis, be it economic or health-related. And historically, plans for maintaining business continuity are drawn up to mitigate disasters like fires and cyber attacks.
The latter concern, cyber attacks, is the primary threat to business continuity during this pandemic. That’s because cyber thieves are using this global crisis as a way to infiltrate corporate databases. Accordingly, as the amount of cyber attacks grow and continue to damage networks, companies must be more vigilant than ever regarding their IT operations. Specifically, in the event of a cyber attack, they must be prepared for a number of issues including risk management, maintaining and recovering data, and contingency planning for any type of IT failure. This comprehensive approach is paramount. We’ve all read about how cyber attacks have become more destructive than ever, with some destroying entire IT infrastructures. And chances are, a given company is much more likely to experience a cyber attack than a fire or flood.
Doing business with fear is certainly no way to do business. But every company must understand that they are potential targets of cyber attacks. In a way, that’s been the case since the mid-1990s, but it’s more of a reality with digital transformation being a near-ubiquitous corporate initiative: Remote employees, working from the cloud, make cyber attacks much easier to carry out.
This landscape demands that organizations integrate their cyber security and business continuity teams. In this way, they will align technology investments with incident response and recovery processes. By collaborating, organizations gain a clearer focus on threat detection and response, and can develop precise plans about how specific personnel should act in the case of a cyber attack. In that light, companies would be wise to assess how they approach Business Continuity Management (BCM).
The first aspect to consider is planning. This means restructuring your BCM and cyber security teams to foster collaboration around operations, processes, responsibilities, and technology investments.
Next look at your actual technology. We always want to be optimistic, but it’s smart to plan for the worst case scenario regarding detection, response, recovery, and security. So ensure that you’ve implemented the highest degree of protection for data backups. Plus, minimize the impact of a breach by dividing network resources to limit lateral movement.
Last but not least, review your overall cyber attack policy. Consider the implementation and enforcement of strict Privileged Access Management (PAM) controls. These establish a policy of least privilege. Also discuss the idea of allocating administration privileges only when absolutely necessary.
Don’t forget – there are an ever-increasing amount of mitigating tools, techniques, and processes that you can implement to shrink the impact of a cyber attack. Some of the most mature – and therefore effective of these – include business continuity planning, zero-trust security model, offline and offsite backup, endpoint detection and response, PAM, and crisis communications procedures. Also be on the lookout for AI-supported anomaly detection, AI-supported decision making, AI-supported threat analytics, and automated decision making. Many AI-supported technologies have the promise of reducing the risk of cyber attacks. In fact, they may eventually replace many of today’s cutting-edge solutions.
Hopefully medical science will soon come up with a viable vaccine for Covid-19. For the sake of our health and economic stability, it can’t come any quicker. In the meantime we all have to be safe. Stay at home, social distance, wear a mask, and protect your IT investments.