By Professor Danny Myburgh
Organisations can no longer afford to wait until a threat is identified to start worrying about their cybersecurity risk management programme. A cyberattack can cause a major business disruption across business units and severely impact day-to-day operations, both in the short and long term. Under new legislation, a cybersecurity breach can also leave businesses and leadership teams liable if the confidentiality, integrity, and availability of customer data are compromised, not to mention the reputational damage of a data breach.
In today’s always-on, cyber-reliant operating environments, it is impossible to build a business continuity and disaster recovery plan without factoring in cybersecurity measures. These should be integrated throughout the entire organisation and its processes.
The shifting BCM and DR landscape
It wasn’t too long ago that Business Continuity Management (BCM) and Disaster Recovery (DR) plans kicked into high gear only when there was a natural disaster, such as a flood or fire, or, closer to home, a power outage that disrupted workflows.
Today, BCM and DR are most likely on the frontlines of managing a cybersecurity incident, which is why it’s crucial for cybersecurity to be effectively blended into business continuity planning and disaster recovery from the beginning. To ensure this takes place, there are several best practices to keep in mind, including cyber risk assessments, business impact analysis, incident response plans, supply chain management, and continuous monitoring, not to mention a 24/7 cyber response plan.
Simply put, from the start, cybersecurity risk management should be integrated into your organisation’s business continuity planning. Today, proactive cybersecurity is the only way to keep growing networks secure, which requires collaboration between IT security teams, incident responders and business continuity planners.
Preventing and preparing for a cyberattack
Managing a business through a cyber event, recovering systems and data, and returning to normal operations (as quickly as possible and with minimal disruption) requires a lot of planning. It is essential to create a set of policies and procedures that IT teams and managed service providers can use to identify, contain, and eliminate cyberattacks.
In addition to documenting critical business functions, it’s critical to conduct regular tests to ensure disaster recovery plans are in place and all stakeholders know what is expected of them should an incident occur. You’ll also need to determine which critical applications are needed when a disaster occurs, how quickly these applications can be recovered, and if there are proactive workarounds to make sure that your organisation can still function in the worst-case scenario.
Remember, the key to any successful cybersecurity plan and solution is the ability to prevent an attack, detect when a cybercriminal is trying to slip past your defences, and respond if a breach occurs.
Prevent
To prevent a cyberbreach, there are key areas that must be reviewed before developing a robust cyber security policy and framework to follow. These include:
- Governance, risk and compliance
- Identity and asset management
- Policy and security architecture design
- Privacy
- Information risk and cyber threat research
- Business continuity management
- Asset and software compliance assessment
- Information security programme management
- CIS (SANS 20 critical security controls)
- Disaster recovery
- Virtualisation and cloud
- Information security training and awareness
- ISO 27001 certification readiness
Detect
The ability to detect a cyber breach, or an attempted cyber breach, requires an in-depth assessment of and insight into a business’s entire IT landscape and network, including:
- Vulnerability management
- Application security assessment and certification
- Network assessment
- Penetration testing
- Social engineering and phishing assessment
- Mobile application security testing
- Data leakage management
- Security code review
- Secure code training
- Security incident and event management
- Security infrastructure management
- Security operations centre (SOC) monitoring
- Transaction monitoring
- PCI Qualified Security Assessor (QSA)
- PCI Approved Scanning Vendor (ASV)
- Digital forensics management
Respond
Responding to a cybersecurity incident must happen immediately. Having a plan of action in place, working with the right experts and ensuring that SLAs are already signed so that response can be immediate are all critical elements of a successful cyber response plan, which should include:
- Data recovery
- Mobile forensics and investigations
- Fraud trend and data analytics
- Social media investigation
- Digital forensics services during Anton Piller orders
- Forensics audits and investigations
- Fraud risk management
- IT Forensics Lab
- Incident management
- Ethics hotline
- eDiscovery
- Case management
- Forensics and fraud awareness training
Work with a service provider who can support your business
One of the biggest challenges a business faces during a cybersecurity crisis is not having a service provider already in place who can immediately respond to an incident. Instead, in the middle of a crisis, the organisation is still negotiating service terms and drafting SLAs. Not only is this a waste of time when every second counts and business continuity is on the line, but it also means there is no clearly defined response plan in place based on the business’s specific and unique risk assessment.
Having a service provider in place ensures that your business has been assessed to ensure all preventative measures are in place, that a breach can be detected timeously and that you have a team of experts actively monitoring your network who can immediately address a breach.