Cyber risk is one of the biggest concerns facing organisations today. The effects of a cyber attack or data breach can be felt throughout the entire organisation with far-reaching ramifications for customers and staff. This is no longer just an IT concern – it’s everybody’s business.
“It’s critical that business continuity professionals incorporate cyber threats in their business continuity planning, along with the traditional threats such as severe weather or supply-chain disruptions,” says Simon Petie, Regional Manager at RiskLogic. “But rather than having two separate response models – one for IT and one for the business continuity team – IT’s response needs to be integrated into the existing business continuity structure. This integration has the added benefit of giving IT an insight into the potential impact to the business as a whole.”
Potential cyber attacks
Cyber attacks are constantly changing and attackers are finding new ways to breach defences. Such attacks can wreak havoc in an organisation, causing reputational damage as a result of compromised personal or financial information, loss of productivity and decreased revenue. In some cases, it can even shut down operations or put an organisation out of business entirely.
“An organisation’s response must be tailored to different cyber threats,” confirms Daniel Muchow, Head of Cyber Security at RiskLogic. “The plan also needs to highlight what activities are to be performed by IT and define specific communication points between IT and leadership. This could include periodic situation updates as well as advising on response options. In a cyber crisis, it’s critical that designated IT personnel, as subject matter experts, have the power to authorise actions as necessary.”
Updating the business impact analysis
It is also important to keep the business impact analysis up to date so that it identifies all critical IT processes, data and locations. If there is a network failure, plans must be in place for secure access alternatives. As with other disaster responses, backup systems also need to be regularly tested.
Today, information technology is woven into the very fabric of organisations. When the IT department is able to work seamlessly with business continuity leaders through an integrated business continuity plan, organisations can respond quickly and appropriately to a cyber attack. Costs will be minimised, data better protected and reputational damage effectively controlled.
For help integrating Cyber Security risk control with your business continuity plan, contact RiskLogic on 1300 731 138 today.