Published by Cybersecurity Practice
January 11, 2024
Whether it’s a natural disaster or malicious cyberattack, many CISOs and IT admins have spent sleepless nights, plagued with thoughts of potential catastrophe. No organisation wants to spend its time dwelling on worst-case scenarios, of course, but those in positions of responsibility understand that an unforeseen disruption can be catastrophic for the ill-prepared. Meanwhile, placing too much trust in the technical aspects of your organisation’s security – even when well-considered and regularly maintained – can lead to blind spots that make disruption more likely and increase the potential negative impact upon the organisation, should the unthinkable occur.
Most likely, your organisation already has policies in place for business continuity, resilience, and incident response. However, it’s worryingly common for such policies to be created, approved, and then locked away and left unattended until an incident occurs. These policies are only effective in responding to disruptive events if they are kept current, and the people trusted to carry them out are informed and prepared. Neglecting this can result in a policy becoming outdated and ineffective, potentially relying on individuals who may no longer even be at the organisation.
While technology can be invaluable in helping to secure and manage your organisation and its estate, and in helping to minimise the effects of disruption, no organisation should be operating under the assumption that its systems are airtight and immune to disruption. As organisations introduce increasingly complex and sophisticated technology solutions, potential failure points can actually increase. Without careful consideration and periodic reassessment, vital data, processes, and functions may become unavailable – potentially permanently – following a successful cyberattack or sudden natural disaster.
The objectives of business continuity and incident response plans are obvious: to help organisations maintain operations during disruptions and to minimise the negative impacts of the disruption itself. This naturally extends well beyond the remit of just keeping the IT infrastructure operational, and should take the entire organisation into consideration, from processes and assets, to employees and clients. The exact shape the plan takes will depend on the organisation forming it, and it should be able to change radically from one iteration to the next if the needs of the organisation demand it.
Rather than reading through the existing plan and attempting to spot areas that are out of date, it’s more effective if the process is conducted as a whole, in the same way it was when it was first created. There are a number of in-depth guides to developing an effective incident response plan available from sources such as the NCSC and Microsoft, among others, and it can also be beneficial to enlist outside expertise when tackling the more technical aspects. As a quick overview, there are some high-level criteria that should be reassessed on a regular basis:
By regularly running through the above steps, an organisation can help to ensure that it is always on the best possible footing for whatever the future holds. If your organisation needs more targeted assistance in identifying potential risks and threats within your existing estate, feel free to contact us at firstname.lastname@example.org.