In recent months business continuity has come into sharp focus as organizations have had to find ways to keep things going under the unprecedented circumstances of the Covid-19 pandemic. Business continuity is about maintaining critical business functions, not only during a disaster or crisis but also afterward. Traditional continuity plans take into account potential disruptions such as natural disasters, fires, outbreaks of disease, and cyber-attacks.
However, the trend towards digital transformation and companies’ growing reliance on IT for vital business functions and data means cyber attacks are the most likely threat. Cyber threats often continue to fuel these crises, as we saw with the Covid-19 pandemic, with cyber attackers seeking to capitalize on all the opportunities it offers.
As cyber-attacks continue to increase in number and potential to do significant damage to the IT infrastructure, companies need to make sure that efforts are made to protect IT operations. The objectives will be closely associated with efforts to maintain/restore IT operations in the event of a cyber attack, focusing on risk reduction, system resilience, and data availability.
Cyber attacks are unavoidable and are possibly damaging
A holistic strategy has become necessary because of the more disruptive nature of attacks by nation-states or those funded by nation-state-level development capacities. Such attacks can disable device and data access, or even kill IT infrastructure. Cyber attacks and cyber defense breaches have become unavoidable as attackers are becoming increasingly well organized and funded, often with nation-state support. Organizations of all sizes are a potential target of cyber attacks as information sources or as potential means of access to larger supply chain organizations. The drive towards digital transformation, mobile working, and cloud-based services continues to expand the attack surface, increasing the likelihood of an attack.
Early detection, response, and recovery are critical, given the growing trend towards disruptive cyber-attacks, which could threaten businesses’ survival. Cyber-attacks have emerged as the most significant risk to business continuity because they are significantly more likely to interrupt operations than fires, floods, or other disasters. The growing dependence on IT in the digital age and the increasingly damaging and disruptive effects of cyber-attacks mean that companies need to take a different approach to business continuity planning and cybersecurity that revolves around a far closer working relationship between the two.
Business continuity and cybersecurity must work together
Organizations need to integrate their cybersecurity and business continuity teams to ensure aligned infrastructure investments and processes for incident response and recovery. Business continuity and information protection require an integrated approach for critical areas such as access control, incident response, and recovery. The key benefits of greater collaboration between cybersecurity and continuity teams include investment in technology focused on continuity. Organizations should review their Business Continuity Management (BCM) approach and extend the focus to maintain/restore business operations beyond data centers and IT assets.
Cybersecurity and business continuity teams need to work together through the entire organization to focus on recovery. The team should consist of staff, systems, and physical and virtual Operational Technology (OT) and Information Technology (IT) environments. The means to achieve business continuity and cybersecurity goals are closely intertwined. There can be no effective business continuity strategy without involving cybersecurity, and vice versa.