30 August 2024
Martin Lewis, cyber and operational resilience sales manager, Daisy Corporate Services
Business continuity managers have been kept busy in recent years, with supply chain issues, a pandemic, and ongoing cyber-attacks threatening to cause significant disruption to operations. Consequently, continuity planning is now a constant feature on boardroom agendas.
But given the array of risks facing organisations, what steps should be taken to build resilience?
Step 1: Get ahead of the game
The first step organisations should take is to review incident response management and continuity plans. In times of non-crisis, it’s easy for companies to focus on other areas, but when incidents do occur, it’s often already too late. That’s why it’s vital to regularly review and update current plans to ensure they are still operational and relevant.
With the risk of cyber-attacks remaining a constant threat, businesses must develop a separate incident response plan for cyber resilience to discover, prevent, and respond to security threats. This should include elements such as identifying and reporting the incident before containing and eliminating it. It’s vital that this plan also includes steps to assess the damage and restore order, as well as analysing and improving post-incident strategies.
There is no one-size-fits-all approach, given the breadth of attacks. So specific measures must be in place within organisations to combat incidents, whether the organisation is hit by a malware attack or caught up in spear phishing attempts.
Step 2: Creating a smart backup strategy
The old maxim of backing up your work is no longer enough, and this is where the 3-2-1-1-0 backup strategy comes in. This approach offers enterprises the best chance of data recovery in the event of a cyber-attack.
Following this framework involves creating three copies of important data sets, in addition to the original, while splitting these copies across two different storage methods.
These additional backups must be stored separately from the primary one, too. One should be kept offsite, and the other copy must be air-gapped and immutable to prevent any chance of the data being compromised. The final step that enterprises should follow is achieving zero errors in the data backup. Inconsistencies, errors, or missing data could put a successful backup at risk.
The 3-2-1-1-0 backup strategy offers enterprises the best chance of data recovery. While this approach certainly isn’t new, it continues to be crucial for maintaining data resilience and enabling recovery in the event of a disaster or cyber incident. This strategy ensures that you have at least two backup copies of all important data and can recover from incidents more efficiently.
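As an added illustration (not part of the original article or any vendor tooling), the 3-2-1-1-0 rules described above can be checked against a backup inventory. The field names, the sample copies, and the choice to count only copies that pass the integrity check toward the other rules are assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str        # storage method, e.g. "disk", "object-store", "tape"
    offsite: bool
    air_gapped: bool
    immutable: bool
    data: bytes       # constructed stand-in for bytes read back in a restore test

def audit_3_2_1_1_0(expected_sha256, copies, min_copies=3):
    """Return the list of failed rules; an empty list means the set passes."""
    # "0": every copy must read back with the digest recorded at backup time.
    bad = [c.name for c in copies
           if hashlib.sha256(c.data).hexdigest() != expected_sha256]
    # Assumption: only copies that verify count toward the rules below.
    good = [c for c in copies if c.name not in bad]
    failures = []
    if len(good) < min_copies:
        failures.append(f"3: {len(good)} verified copies, need {min_copies}")
    if len({c.media for c in good}) < 2:
        failures.append("2: verified copies share one storage method")
    if not any(c.offsite for c in good):
        failures.append("1: no verified offsite copy")
    if not any(c.air_gapped and c.immutable for c in good):
        failures.append("1: no verified air-gapped, immutable copy")
    if bad:
        failures.append("0: integrity errors in " + ", ".join(bad))
    return failures

# Constructed sample data: one dataset and three backup copies of it.
ORIGINAL = b"constructed sample: finance-db export 2024-08-30\n" * 4
DIGEST = hashlib.sha256(ORIGINAL).hexdigest()
COPIES = [
    BackupCopy("nas-snapshot", "disk", False, False, False, ORIGINAL),
    BackupCopy("cloud-bucket", "object-store", True, False, False, ORIGINAL),
    BackupCopy("vault-tape", "tape", True, True, True, ORIGINAL),
]
# Same set, but the tape copy reads back with one byte changed.
DAMAGED = COPIES[:2] + [replace(COPIES[2], data=b"X" + ORIGINAL[1:])]

if __name__ == "__main__":
    print("healthy:", audit_3_2_1_1_0(DIGEST, COPIES) or "pass")
    for failure in audit_3_2_1_1_0(DIGEST, DAMAGED):
        print("damaged:", failure)
```

A single corrupted copy fails more than the zero-errors rule: here the damaged tape was the only air-gapped, immutable copy, so that rule and the copy count fail with it.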
Step 3: Test, test, test
Finally, conducting regular tests and rehearsals of existing business continuity, crisis management, and cyber incident response plans is vital. How can business continuity managers know whether their organisations will remain resilient against threats if the procedures in place have never been tested? To ensure these plans are strong enough to protect against all types of disruption, organisations must assess tolerance levels across components such as their network, and plan and test for worst-case scenarios, not just plausible ones.
Testing remains a highly effective way of ensuring that everyone within the organisation comprehends their role and responsibilities in the event of an incident. It’s far better to identify failures in existing plans during rehearsal rather than in a real-world incident.
Align and shine in crisis
To stay in the driver’s seat on the road to resilience, business continuity and security teams must now prioritise organisational alignment by communicating to executives the importance of resilience through threat assessments, cost evaluations and other relevant documentation. And the entire organisation must be included in this journey.
The more capable a business is at mitigating risk, the more robust and adaptable it will be when faced with uncertainty. By adequately preparing for, detecting, anticipating, and adapting to the ever-changing risk landscape, a business can position itself to withstand almost any potential disruption.
To achieve this level of resilience, organisations need to extend their plans beyond the immediate risk landscape and prioritise long-term preparedness. While tackling daily challenges is demanding and costly, the ability to anticipate and navigate future obstacles will set businesses up for lasting success.