Beyond natural disasters, data breaches and cyber attacks are becoming the norm. The damage done and the cost to the business per incident can vary greatly; however, even the smallest attack can be detrimental to a business that is not prepared. Just as we cannot stop the weather from doing what it’s going to do, we cannot stop cyber-attackers from striking. What we CAN do is prepare by creating a more resilient infrastructure, with solutions and services in place to minimize the effects of an incident so that businesses can resume quickly and securely.
Here are 7 resiliency strategies to consider:
Fix internal communication roadblocks with C-level Execs
For many organizations, C-level execs grow tired of IT’s constant requests for the next shiny new widget, while IT leaders are merely trying to keep up with changing threats and opportunities for the business. In an attempt to avoid crisis and minimize damage to the company, IT may request specific tools, training and additional staff. Unfortunately, IT communications can sometimes leave out the important details and big-picture reasoning that executive leadership requires. The result is a lack of understanding, and these requests are usually met with a denial and a reference back to the last business resilience technology investment.
In the event of an attack that results in financial losses and brand damage, the C-level execs quickly turn to IT asking for an explanation. By then, there is a new level of understanding, but it is too late.
Avoid this scenario by bridging the gaps between IT and execs through clear, concise, direct communications. Illustrate the current infrastructure compared to the desired infrastructure. Incorporate storytelling and graphics which can bring meaning to complex technical jargon. Turn numbers and lengthy detail into hard-hitting, meaningful statements so that everyone can understand the reality of specific threats and vulnerabilities.
Know your enemy
Do you truly understand what it is that you are up against? To be resilient, you must first understand the uniqueness of your threat landscape. This can be achieved through a comprehensive risk assessment that considers the wide range of technical and non-technical, creative and straightforward ways in which you are vulnerable.
There are many overlooked avenues that go underprotected, such as inadvertent and deliberate insider threats, foreign business travel, and business dependencies such as vendors or suppliers. Sensitive intellectual assets or customer privacy data can be accessed in ways that the non-criminal cannot even imagine.
A comprehensive risk assessment can uncover these and other weak areas, allowing you to align resources against them.
Adopt mature cybersecurity practices
Data breaches and cyber attacks are more common than people would like to admit. Long gone are the days when our biggest fear was downtime caused by a power outage or a weather event. Today, we need to be additionally prepared for advanced, persistent, creative, highly intelligent threats and other remote attacks. While there are many sophisticated technologies to combat these threats, we have to remember that humans must be there to control and manage these technologies. Human beings, by nature, are fallible and cannot be counted on alone to consistently follow policies, procedures and guidelines for enterprise security to be achieved.
Resilient organizations know that cybersecurity is neither a single act, nor a slam dunk technology. It is the combination of solutions, activities, technologies and services that harmonize with an awareness of the evolving trends and threats.
Plan for the worst
If the worst happens, a resilient organization will minimize the attack window, continue operations and get back to business quickly. While data loss is expected, the goal is to limit it. The severity of the data loss is what will impact the company’s business, damage its brand and erode investor confidence.
Resiliency, afforded by mature business continuity and cybersecurity practices, is becoming a requirement for boards of directors, partners and customers, as well as cyberinsurance underwriters during pre-binding risk analysis of a potential insured.
Beware of hidden risk via third-party vendors and business associates
Threats to data security and business resiliency can originate from multiple sources and directions, including trusted third parties, such as vendors, partners and other colleagues. Lack of security measures at one of these organizations may serve as the original source of infection for an attack that is targeting a completely different company altogether.
Target is a perfect example of this. Although Target had done their due diligence and invested considerably in traditional data security controls, the company was unaware of vulnerabilities that could originate from one of its trusted partners. In their case it was an HVAC vendor who had access to their external billing system and online project management portal.
Minimize the risk of internal threats and malicious employees
There are countless tools that will help with business continuity, availability, and the prevention of viruses, malware, and unauthorized access. However, truly resilient organizations understand that threats to sensitive digital assets often originate from less technical, less malicious sources, such as the simple actions of trusted insiders. In fact, it has been shown that privileged users pose the biggest threat to corporate data.
Resilient companies know that risk from insider threat can be downgraded through a mix of technical solutions, services and policies, such as those limiting the use of removable media, proper termination protocols and awareness of the behavioral trends to look for.
Pay attention in times of change
For most organizations, change is a sign of health and longevity. Over the lifetime of the business, new employees are hired, others are let go, partnerships are formed and dissolved, and acquisitions and mergers take place. Any one of these events presents potential security risk.
Resilient organizations recognize this fact and proactively nurture a security culture that accommodates change. It’s also necessary to incorporate cybersecurity mandates, diligence, processes, and training from the mailroom to the boardroom. Background checks should be taken seriously, vendor SLAs should include security requirements and everyone should make security part of the company’s DNA.