April 22, 2026
Business continuity planning: Prepare for ransomware and IT attacks

The challenge

When DXC reviews an organization’s processes and plans around incident response, one topic is of special interest:

“How does an organization plan to cope with an attack that intentionally tries to impact or destroy an IT infrastructure to make political statements or to extort money?”

Business continuity planning generally uses an all-hazards approach to address the impacts of disruptive incidents, focusing on the response to and management of the loss of people, processes, IT systems and locations that support defined mission-critical activities while maintaining operational resilience.

The challenges of coping with cyber incidents and destructive IT attacks are:

  • Lack of understanding of the potential impact of these threats on the organization, weak patch management and inadequate planning for the response
  • Insufficient preparation to protect systems and to educate and train people to deal with these types of attacks
  • Inadequate speed and technical ability to identify, assess and respond at the time of the incident
  • Inability of an organization’s leadership to respond to the potentially catastrophic impact of this type of event, including how leaders communicate to, and manage the relationship with, customers, suppliers and regulatory bodies

Let’s be clear — threat actors and organized crime gangs are extremely powerful. They can:

  • Access environments by escalating their privileges up to enterprise administrator level, and exfiltrate data from all levels and areas of the organization
  • Intentionally destroy the core business services and data in all compromised environments by deploying destructive software (e.g., ransomware, wiper) that may replicate/synchronize through the whole environment, including backup and recovery systems

In the event of a catastrophic loss of the production and recovery environments, the victimized organization is left with unusable data and the inability to provide even the most basic IT services, impacting the very continuity of all the organization’s processes.

The general technological approaches documented in a typical business continuity program range from normal backup, cluster creation and real-time mirroring to flashback copies and imaging. In isolation, these approaches are not sufficient to respond to, and recover from, an attack.

How can our business continuity programs and plans be further enhanced to prepare leaders, teams, IT systems and processes to be cyber-warfare ready? If your organization hasn’t reviewed its business continuity management program through a cyberattack lens, then now is the time to do it.

Let’s examine common gaps in business continuity planning and how to address them in a business continuity management program.
