In yesterday’s blog, I mentioned the three things that this Coronavirus episode has brought out in terms of Cybersecurity. We reviewed one of them at length yesterday: the major kinds of spoofing attacks that are out there.
Obviously, there are many more out there, and I always have my eye on what is going on. If more kinds of spoofing attacks come out, I will for sure update that blog. But in today’s blog, we continue with this theme.
In a really bad sort of way, the Coronavirus has now made Corporate America realize and understand the importance of creating an Incident Response (IR) Plan, a Disaster Recovery (DR) Plan, and a Business Continuity (BC) Plan. But there is a lot of confusion between these three, and the terms are often used quite interchangeably.
However, the three are quite different from one another, and I am going to describe these differences next at a very high level. But, one disclaimer here. I am not a professional writer in these areas, and other Cybersecurity professionals are going to have their own views on them. I am simply presenting my views on these differences, based on my own experiences. Here we go:
The Incident Response Plan:
If your company is impacted by a security breach, you need to ACT NOW. How can this be done? It is all done with the IR Plan. This plan spells out exactly what you need to do, whom to notify, and how you will keep the threat from proliferating inside your business. In other words, this is your plan for what you will do at that moment in time, without succumbing to knee-jerk reactions that lead to bad decisions.
The Disaster Recovery Plan:
Once you have contained the threat that has impacted your business, the next step is how you will resume baseline operations. Most of the time, this will involve bringing back only those mission critical operations that are deemed to be absolutely necessary. This is where the DR Plan comes into play. It should spell out exactly what you will do and which processes are deemed to be the most important. This plan can be viewed as a short-term one, perhaps lasting for just a few days or even a week.
The Business Continuity Plan:
Once you have established those mission critical operations, the next step is figuring out how you will bring your business back to where it was before you were hit by the security breach. In other words, how will you get back to normal again? Well, this is where the BC Plan comes into play. It should spell out what your plans will be and how you will evolve once again. In other words, this is viewed as a long-term plan, lasting months, perhaps a year or even longer.
OK, those are some of the differences. In future blogs, I will write more about the IR Plan and DR Plan, but for today, I am focusing on some of the key components that should be included in your BC Plan. So once again, here we go:
What should be included???
*You need to define what your real business model is:
Let’s face it, once you are impacted, you will never feel the same again. It will always be in the back of your mind whether it will happen again. The chances are always there, but hopefully you have now taken the steps to further mitigate that risk. But as you have these thoughts, another area you need to focus on is what your business model will be. Obviously, you will now have a damaged reputation and a tarnished brand. You could even lose some key customers. But the key here is not to look back, but to look into the future. Now is the time to define a newer business model for how you will rebuild that powerful brand that you once had and gain even newer clients. You also need to consider the financial resources that you have at hand in order to do this. Obviously, some money will have been spent in the recovery process, so you need to carefully decide what the most important steps are to take going forward. Keep in mind that your customers are your lifeblood, and you need to focus on that, so you get your revenue base built back up. But also, don’t forget about your Cyber strategies here!!!
*Find out where the future risks and uncertainties lie:
This part of the BC Plan will deal with the Cyber front more than anything else. In this part, you need to conduct a detailed risk assessment analysis to see where your most critical assets are, and from there, rank them by how prone they are to another attack. You then need to apply this same classification scheme to all of your corporate assets, going all the way down to the least risky ones. Keep in mind that there are many risk assessment models out there, and a simple Google search will reveal them. Also, if need be, you should get the help of a Cyber related company for this risk assessment phase, as they can offer unbiased and neutral views.
*Quantify the impact:
Once you have the risk assessment done as outlined previously, the next step is to try to quantify the impacts of those risks. In other words, suppose you are hit with another Cyberattack. You need to know what the impact of that will be on your most critical assets. Obviously, this can be a very laborious task to accomplish, but there are automated software tools out there that can do this for you. This is where the role of Artificial Intelligence, or AI, comes into play. It can calculate these impacts in just a matter of minutes, but best of all, it can update your new risk assessment models in real time, on a 24 X 7 X 365 basis, as newer Cyber threat variants emerge. It can also comb through huge datasets and find those hidden trends that could be of great importance to your business.
*Create the newer strategies:
Once you have completed the above two steps, you are now in a much better position to re-shift or even come up with brand new strategies for how you will protect those corporate assets and how to better fortify your lines of defense. But keep in mind that these newer strategies should be tested first before they are put into practice. If you simply come up with them and assume that they will work, you will be doomed to failure once again. You need to keep testing them until you feel confident that your new strategies will live up to their expected results.
*Execute these strategies:
Once you have tested your new tactics to stay safe and are confident enough that they will work, the final step is to put them into practice. But there is one very important point to be made here: just because you have implemented your new strategies, your work is not over. You need to practice your new BC Plan at least once a quarter to make sure that everybody stays sharp on it. By doing so, if you are impacted once again, you will be able to come back up in a much shorter time frame than before. And along with routinely testing your BC Plan, it is imperative that you also keep it updated so that it fully reflects the new Cyber Threat Landscape, which, of course, is changing on a daily basis.