Secure Your Resilience

October 17, 2023

Growing up, my parents worked in the hospitality industry. Back then, resilience wasn’t necessarily a topical concept. The ability to continue serving clients and recover in the event of a fire, flood or other catastrophic event was pertinent. But the terms, business continuity and disaster recovery (BCDR) were scarcely talked about, if ever, and only in the context of minimizing impact.

Today, BCDR plans still play an important role in helping enterprises get back to business. When I worked for the Federal Bureau of Investigations (FBI), I learned about contingency plans and how we needed to secure backup plans for backup plans to cover every possibility in our dynamic world environment. Traditional BCDR, however, doesn't account for the turmoil and sizeable impact of modern realities. For instance, who could have predicted the abrupt switch to remote work predicated by the COVID pandemic? Or the epidemic of financially motivated cybercrimes like ransomware that shut down hospital systems and medical services across at least three states?

Today, organizations must think about resilience in terms of digital transformation and cybersecurity. This means traditional BCDR must extend to a cyber event, which is innately different than recovering from a natural disaster or other event. True resilience must account for any threat to the systems, applications and data that keep a business up and running.

In many modern organizations across all industries, there's still work to be done. The good news is that regardless of your company's unique infrastructure or mandates, the steps to launching resilience initiatives and shoring them up remain the same.

Shift to Proactive

It’s generally accepted that the more work you do to prepare for something, the better the outcome you’ll receive. The same principle holds true for cyber recovery, and that means organizations should prepare for not “if” they will be attacked, but rather, “when.” Assuming the inevitability of an eventual attack or breach gets teams thinking in advance about the next, best steps for recovery, and fosters a more resilient mindset.

This type of proactive thinking needs to spread throughout the organization, from the C-suite to the reception crew. IT security teams should furthermore be looking to take proactive steps into the recovery space. Specifically, consider adopting a solution that addresses recovery holistically. This means not only understanding the criticality of assets within your environment, but all the other interdependencies across the business.

Determine and Prioritize What is Business-Critical

Today, our ability be connected and have the internet at our fingertips is that is better than ever. The unfortunate challenge with that connectivity is that if one part of your organization gets hit, all your operations can potentially be affected. Due to the complexity of the modern network environment, even if you think you’ve got every critical asset covered, there are probably even more layers to pull back.

A good cyber recovery plan should first partner with various programs across the business to understand all its criticalities. It should not only be limited to critical assets but focus on the general processes with which they share dependencies. After working across systems, data and application owners, the recovery solution should then map everything according to priority. For example, some systems may need to be brought back online before certain applications to access specific data. Additionally, core infrastructure will need to be up and running as the backbone to support those systems.

This increased awareness around essential business capabilities can help you realize all your interdependencies and then subsequently protect them. More specifically, it’s about enriching the information from your own systems to understand the best ways of employing backup technology, as well as developing an orchestrated response in the form of a recovery plan. This is an important addendum, because if you don’t know what to do and when to do it — that is, how to recover at the right time — you’ll likely be spinning your wheels and wasting time.

Get Specific. Get Tactical.

Maturing BCDR to contend with a fast-moving threat landscape requires a multidimensional approach that not only transforms resilience at the strategic business level, but at the tactical level as well. By drilling down into the granular elements of every single system, application, and data that goes into a critical business process, you’re clarifying exactly how to secure it. Applying such tactics presents a tangible way to raise security awareness around crown jewels while enhancing the overall business strategy.

Tactics should also include hands-on-keyboard, step-by-step recovery plans that are operationalized to be tested and maintained programmatically to keep step with evolving threats and ever-changing business needs. Importantly, translating tactics to strategy enables your teams to approach the C-suite and demonstrate how fast you can recover, and also present a step-by-step process to do so.

Concluding Thoughts

Whether you own a small- to medium-sized business like my family, or you’re part of a global organization with a mission to protect billions, it’s never been more important to enhance business continuity amid a new climate of unpredictable, and frankly inevitable, cyberattacks. There are ample additional benefits, too.

For example, with increasing cyber insurance premiums and forthcoming policy limitations on state-sponsored attacks, evolving your recovery solution can present a distinct opportunity. Once implemented, such a solution grants you the ability to recover securely. Therefore, enhancing your recovery capabilities, and in turn your organizational resilience, can offer a viable path to alleviate cyber insurance dependence.

Additionally, for public companies, IT security teams will be able to better identify the extent of impact from a cyber incident for reporting and help inform their board of specific cyber risks to support the newly ratified SEC cybersecurity rules.

Combined, these efforts can help you transition from weeks of chaotic recovery to days- or hours-worth of smooth and coordinated restoration to a secure state. When getting breached is only a matter of time, your ability to bounce back will keep you formidably competitive in the years to come. It all starts with a resilient mindset. Establish this approach, and resilient actions will soon follow.