How to include cyberattack risks in your business recovery plan
Cyber threats are increasing daily and have pushed companies, large and small, into planning for these incidents. Now is the time to include cyberattacks in your Business Recovery and Disaster Recovery Plans.
What connection points can be attacked?
- Incoming public and private network connections, including routers, switches and firewalls, can be infiltrated
- Equipment that supports the IT environment, such as servers, storage and printers
- Operational software components that make the IT equipment work, including operating systems, subsystems and applications
- Even the phone and process control systems that support the facility equipment and machinery
What should you include in your recovery plan?
Identify the threat
This can be a daunting task, since it may not be obvious that the operational impact or the physical damage was caused by a cyberattack. If the attack was for ransom purposes, it will most likely be communicated. However, if it was due to malicious intent or for publicity, there may be no communication at all.
React to the attack
The person identifying the problem must know who to contact and what immediate actions should be performed. The first actions taken could stop the damage or make it much worse.
Stabilize the operation
The full extent of the damage needs to be assessed and the plan needs to be executed to:
- Stop the failing equipment or process
- Isolate the problem areas
- Decide what parts of the business can continue
- Develop alternate work schedules
- Make arrangements for support groups and forensic services
Mitigate the damages
See what can be reclaimed and determine if the operation can run in degraded mode, manual mode, or at the disaster site.
Recover the operation
The recovery effort will be directly proportional to the amount of damage that was incurred. This includes both physical damage to equipment and the impact on the business in terms of lost revenue, damaged goods, perishable goods, penalties, and fines.
Your Disaster Preparedness Plan needs to be updated with processes and procedures to prevent a similar occurrence from happening again.