How to include cyberattack risks in your business recovery plan

What connection points can be attacked?

• Incoming public and private network connections including routers, switches and firewalls can be infiltrated
• Equipment that supports the IT environment like servers, storage and printers
• Operation programming components that make the IT equipment work including operating systems, subsystems and applications
• Even the phone and process control systems that support the facility equipment and machinery

Identify the threat

This can be a daunting task, since it may not be obvious that the operational impact or the physical damage was caused by a cyberattack. If the attack was for ransom purposes, it will most likely be communicated. However, if it was due to malicious intent or for publicity, there may be no communication at all.

React to the attack

The person identifying the problem must know who to contact and what immediate actions should be performed. The first actions taken could stop the damage or make it much worse.

Stabilize the Operation

The full extent of the damage needs to be assessed and the plan needs to be executed to:
 

• Stop the failing equipment or process
  
• Isolate the problem areas
• Decide what parts of the business can continue
• Develop alternate work schedules
• Make arrangements for support groups and forensic services

Mitigate the damages

See what can be reclaimed and determine if the operation can run in degraded mode, manual mode, or at the disaster site.

Recover the operation

The recovery effort will be directly proportionate to the amount of damage that was incurred. This includes both physical damage to equipment and the impact on the business in terms of lost revenue, damaged goods, perishable goods, penalties, and fines.

Prevent reoccurrence

Your Disaster Preparedness Plan needs to be updated with processes and procedures to prevent a similar occurrence from happening again.

To learn more about HSB’s Cyber solutions check them out here: