Opinion: Cybersecurity Business Continuity And Disaster Recovery

Most people can relate to the personal crisis of a frozen computer or crashed hard drive. More often than not, this is the moment when you ask yourself: “did I back up my data?” Of course, by the time you’re staring at a blue screen, it’s too late for that. All you can do is hope that something is recoverable, and plan ahead for next time. When you’re a business, the stakes get much higher. That’s why your organization needs to have a plan in place for business continuity and disaster recovery (BC/DR or BCDR).

Business Continuity

Business continuity is the plan you should have in place for operating your business when computers and vital technology are not available, whether due to a simple malfunction or a malicious attack such as malware or ransomware – a particularly popular form of attack of late. As recently as this past summer (2019), one such incident hit an association of about a dozen healthcare providers.

The ransomware attack began, as is common, with a phishing campaign that worked to get credentials from someone inside the network. Once inside, the attacker worked undetected to access and encrypt critical database servers. A month after the initial compromise, a popup informed the businesses that they could get their database unencrypted by making a cryptocurrency payment. It’s a typical attack format that has been devastating companies.

What happened next showcases the importance of having a plan in place for BCDR. Some of the health care providers in this group transitioned directly to their business continuity plan. They were less efficient without their computers, but still open for business while their disaster recovery team worked to recover the data, remove the malware, implement additional defenses, and reach optimal operation. For other businesses in the network, it was a calamity. They didn’t have a plan for business continuity and were in crisis mode as they struggled to keep their doors open for patients.

The difference between those that were prepared and those that were not was stark. And it is possible to be prepared for this eventuality. There are two steps that must be taken. The first step is to create physical backups and verify that they work. You should also have an offline, air-gapped version so that attackers cannot virtually connect through the network to attack the backups. This is something you need to talk to your IT and security team about as soon as possible.

The second step belongs to the business leadership. This one cannot be delegated to the IT team. It requires thinking about how employees will work without vital technology. It means answering who, what, when, where and how. Is there a secondary location from which you can operate? Are there tasks which are normally automated that will need to be manually performed? Who is capable of doing which tasks? There are many detailed questions that need to be asked, but the general objective should be about how to continue to serve your customers and keep your business alive while your IT systems are down and in recovery. This will mean different things for different industries. In healthcare, for example, the patients aren’t going to stop coming. And in the case of a non-cyber crisis, like a flood or an earthquake, patients will likely come in higher numbers. Banks might need to figure out non-electronic means of dispensing cash. Even during a prolonged regional emergency, life – and commerce – goes on. But will your business?

Once you have a business continuity plan in place, you can start to think about disaster recovery. This requires a tiered approach, as explained in the Tiers of Recovery blog. But remember that the first tier of recovery is preparation. As you go about preparing for the eventuality of a crisis, you should do so with one overriding consideration: people come first. Make sure your employees can do their jobs and make the disruption to customers minimal.

Carlos Solari

Carlos C Solari was born in Colombia, South America and grew up in Huntington, NY. His career started in government service: U.S. Army for 13+ years, FBI senior executive in the 1990s and Chief Information Officer for the White House (2002 - 2005).

In the private sector, Carlos was VP of Cybersecurity at Bell Labs, VP / GM of Global Security Solutions at CSC, SR VP at Mission Secure Inc and VP of Cybersecurity Services at Comodo Group. He is currently in several roles including Advisory Board Chair for CyberFortis focused on cybersecurity education / training for the corporate leadership including the Board of Directors, the C-Suite and Compliance Officers. He is the author of several books including Security in a Web 2.0+ World published by Wiley in 2009. He has taught cybersecurity in various settings and is an international speaker on this topic.

He is a graduate of Washington and Lee University with a BS in Biology and the Naval Postgraduate School with an MS in Systems Technologies.
