Ensure you continue serving customers through chaos with a business continuity cybersecurity plan
By KC Sreeram, Vice President, Cloud and Infrastructure Practices – Trianz
Technology-related problems are one of the leading causes of business disruption—including areas such as server hosting and availability, data management, and, most critically, cybersecurity.
Unlike other areas of IT operations, a lax approach to cybersecurity puts services, secrets, shoppers, and staff at risk—often simultaneously. Customer financial data can be exposed to attackers, sensitive business secrets can be leaked, and digital services can go offline. This creates a perfect storm of disruption that can threaten business continuity.
To combat this, a rigid and comprehensive business continuity cybersecurity plan is essential to thwart threats and ensure the security of sensitive datasets. Rather than two separate plans, cybersecurity and business continuity should intertwine as co-dependent forces, requiring close collaboration
How Can Enterprises Combine Cybersecurity and Business Continuity?
There are various ways that enterprises can combine cybersecurity and business continuity. Some examples include:
Device and Data Controls
In times of disruption, device and data controls are essential. Your enterprise should have a way to revoke access when a user account is compromised—often through role-based access controls (RBAC) or identity and access management (IAM). You should also have a way to block network access when an endpoint is compromised, with additional protection via packet-based encryption.
Alongside user account security controls, individual users should be granted data access based on “least privilege.” A user should only have access to a sufficient amount of data to fulfill their job role—and nothing more. Overprovisioning data access increases the risk of sensitive information being leaked—either through unauthorized employee access or compromised user accounts—which may end up in the hands of attackers. In the event of an attack, least-privilege access should theoretically reduce the attack surface, mitigating disruption and post-attack recovery requirements.
For endpoints, such as company laptops, users should be required to use two-factor authentication (2FA), using technologies such as a physical key card or a one-time passcode (OTP) generated via SMS or a mobile authentication app.
Cybersecurity automation has huge potential to reduce security risks across your network. Where human intervention can take minutes to hours, artificial intelligence (AI) and machine learning (ML) algorithms can instantly respond to threats.
As an example, say an attacker manages to compromise a user account with high-security clearance. The AI or ML algorithm could detect that the user is logging in from a different location or is not scheduled to be working on that day, or use heuristics to detect abnormal and potentially malicious activity. This data-driven inferencing can enable self-healing cybersecurity automation, stopping attacks before they have time to start.
These same algorithms could be used to ensure critical cybersecurity tasks are performed during a business continuity emergency. This would entail the integration of cybersecurity monitoring tools with workflow automation tools, allowing AI to take over when human intervention is limited or unavailable.
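The login checks described above (unfamiliar location, login outside the user's schedule) can be sketched as simple rules feeding an automated response. This is an added example, not code from the article or from Trianz: it uses fixed rules in place of an AI/ML model, and the baseline profiles, event data and action names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed baseline: usual login countries and scheduled weekdays (0 = Monday).
BASELINE = {
    "alice": {"countries": {"US"}, "workdays": {0, 1, 2, 3, 4}, "privileged": True},
    "bob": {"countries": {"US", "CA"}, "workdays": {0, 1, 2, 3, 4}, "privileged": False},
}

@dataclass
class Login:
    user: str
    country: str
    when: datetime

def assess(login):
    """Return (reasons, action) for one login event."""
    profile = BASELINE.get(login.user)
    if profile is None:
        return ["unknown account"], "block"
    reasons = []
    if login.country not in profile["countries"]:
        reasons.append("new location")
    if login.when.weekday() not in profile["workdays"]:
        reasons.append("outside schedule")
    if not reasons:
        return reasons, "allow"
    # High-clearance accounts, or two signals at once, lose their sessions
    # immediately; a single signal on a normal account triggers step-up 2FA.
    if profile["privileged"] or len(reasons) > 1:
        return reasons, "revoke_sessions"
    return reasons, "require_2fa"

def triage(events):
    """Map each event to (user, reasons, action) for the workflow tool."""
    return [(e.user, *assess(e)) for e in events]

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    Login("alice", "US", datetime(2024, 3, 4, 9, 0)),   # Monday, usual country
    Login("bob", "CA", datetime(2024, 3, 9, 14, 0)),    # Saturday
    Login("alice", "RO", datetime(2024, 3, 5, 3, 0)),   # Tuesday, new country
    Login("bob", "BR", datetime(2024, 3, 10, 22, 0)),   # Sunday, new country
]

if __name__ == "__main__":
    for user, reasons, action in triage(SAMPLE_EVENTS):
        print(f"{user:6} {action:16} {', '.join(reasons) or '-'}")
```

The returned action is what a workflow automation tool would consume, so the response still runs when no analyst is available to review the alert.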
For both cybersecurity and business continuity, regular testing is the best way to make sure your plans work in practice.
With cybersecurity, regular penetration testing can help security teams identify hidden problems. This could include simple brute force attempts using password dictionaries or more advanced approaches like circumvention of RBAC policies and SQL injection. These tests can be automated with AI if desired, providing continuous penetration testing and feedback.
Relating back to business continuity, essential business activities should be modeled as workflows. This will digitalize standard manual processes used by key stakeholders and staff, allowing for simulated business continuity disasters that can be conducted in a sandbox environment.
Examples could include supply chain purchasing and sales, emergency system access by stakeholders and IT teams, disaster recovery (DR) or replication after a natural disaster, or major traffic disruption preventing employees from attending the office.
Worst-Case Scenario Communications
In a worst-case scenario, all business-supplied methods of communication will cease to function. This means cybersecurity teams cannot contact each other to fix problems collaboratively; stakeholders cannot communicate the disruption and subsequent plans to staff; customer requests via email and telephone go unanswered—and the list goes on.
Staff members who play a critical role in your business continuity plan must share and store contact information for use in these emergency scenarios. This ensures that—in a worst-case scenario—marketing teams can inform customers of the disruption via social media, department heads can instruct staff not to attend the office, and continuity collaborators can communicate to expedite recovery from the disaster.
This will enable proactive communications to all affected parties, minimizing damage to your reputation despite the damage to your operations.
Business Continuity and Cybersecurity Go Hand in Hand – Be Prepared
Every business will eventually need to contend with some form of significant technology-related business disruption, and increasingly these disruptions will be malicious. Ask yourself how you can sustain business continuity in these scenarios, then define and test cybersecurity measures and remediation processes to work around these disruptions.
This is a Sponsored Feature.