Recent events in the news as well as trends in my own work have reminded me of how important it is for business continuity professionals to help protect their organizations against the impact of cyberattacks. In today’s post, I’ll list some ways BC teams can help their companies fend off this rising threat.
The news this week contained stories reporting a serious recent malware attack against the City of Albany, New York. Malware attacks of this kind, known as ransomware, are a form of computer extortion in which hackers encrypt an organization’s data and refuse to provide the key unless a ransom is paid.
One of the most concerning aspects of the story was that hackers reportedly obtained the personal banking data of some city employees and used it to raid those employees’ bank accounts.
This reminded me of how important it is for BC professionals to help their organizations fend off and recover from cyberattacks.
The costs of cyber events vary but can be extremely high. They depend on the size of the organization and the type of data affected. The president’s Council of Economic Advisers recently published a study titled “The Cost of Malicious Cyber Activity to the U.S. Economy.” The study estimated that in 2016, the damage to the economy caused by cyberattacks was between $57 billion and $109 billion. The cost of such attacks to individual companies can be as high as $500 million.
Organizations must make planning for and preventing data breaches an ongoing activity.
How can BC professionals help their organizations defend against and recover from cyberattacks? They can and should help their organizations in the following ways.
The BC team should help their organization obtain the appropriate types and levels of cyber insurance. In the present climate, every organization should have cyber insurance.
The only issue is determining what types of cyber insurance you should buy and at what coverage amounts.
In acquiring an insurer, you will likely also acquire a well-informed and highly motivated partner who can help you improve your cyber defenses. Your Risk IT Department may already have contacts. Don’t reinvent the wheel here: let the experts in your organization do the work, but help as needed.
In obtaining cyber insurance, you should assess the level of protection you need for the following potential risks and losses:
The BC office should help the organization devise a plan for responding to cyberattacks. This plan should be distinct from your other response plans. It can be part of your emergency response plan, but at a minimum it should be a separate section with its own specific steps.
The cyberattack response plan should reflect the organization’s thinking on the following matters:
The BC planner should connect with the IT department and verify with them what technology solutions are in place to limit the risk of a cyber event.
Finally, the BC office should ensure there is appropriate and robust training to prevent and deal with cyberattacks. This is known as Security Education, Training, and Awareness (SETA). To be effective, this training should be constant and ongoing. The good news is that it can be done in-house, since the IT team most likely has the knowledge to provide the necessary content, with help from the communications team for development. If not, content can be obtained from multiple vendors quite inexpensively. What’s more, training is the first line of defense. Most cyberattacks are enabled by the actions of an uninformed or careless employee, such as replying to a phishing attack or clicking on a malicious link.
In the current environment, it is likely not a matter of if your organization will be targeted by a cyberattack, but when.
As a BC professional, you have the opportunity as well as the responsibility to help your organization prepare to prevent and fend off such attacks, and to swiftly recover from a successful attack.
The areas described above amount collectively to an excellent place for you to start, as you set about this important work.