Secure Your Resilience

October 21, 2022

Growing up, my parents worked in the hospitality industry. Back then, resilience wasn’t necessarily a topical concept. Business continuity and disaster recovery (BCDR) was scarcely talked about and only in the context of minimizing downtime in case of a fire, flood or other catastrophic event.

BCDR plans still play an important role in helping enterprises get back to business. When I worked for the Federal Bureau of Investigation (FBI), we needed to secure backup plans for backup plans to cover every contingency in our dynamic world environment. Traditional BCDR, however, doesn't account for modern realities. For instance, who could have predicted the abrupt switch to remote work precipitated by the COVID pandemic? Or the epidemic of financially motivated cybercrimes like ransomware?

Today, organizations must think about resilience in terms of digital transformation and cybersecurity. This means traditional BCDR components must extend recovery to a cyber event, which is different from recovering from a fire or flood. True resilience must account for any threat to the systems, applications and data that keep a business up and running.

In many modern organizations, there's still work to be done. The good news is that regardless of your company's unique infrastructure or mandates, the steps to launching resilience initiatives and shoring them up remain the same.

Shift to Proactive

It’s generally accepted that the more work you do to prepare for something, the better the outcome you’ll receive. The same principle holds true for cyber recovery, and that means organizations should prepare not for “if” they will be attacked, but rather for “when.” Assuming the inevitability of an eventual breach gets teams thinking in advance about the next best steps for recovery, and fosters a more resilient mindset.

This type of proactive thinking needs to spread throughout the organization, from the C-suite to the reception crew. IT security teams should also look to take proactive steps into the recovery space. Specifically, consider adopting a solution that addresses recovery holistically. This means understanding not only the criticality of assets within your environment, but also all the other interdependencies across the business.

What’s Business-Critical?

The unfortunate nature of ransomware is that if one part of your organization gets hit, all your operations can potentially be affected. Due to the complexity of the modern network environment, even if you think you’ve got every critical asset covered, there are probably even more layers to pull back.

A good cyber recovery solution or service first partners with various programs across the business to understand all its criticalities. That’s not only limited to critical assets, but also the general processes with which they share dependencies. After working across systems, data and application owners, the recovery solution should then map everything according to priority. For example, some systems may need to be brought back online before certain applications.

This increased awareness around essential business capabilities can help you realize all your interdependencies and then subsequently protect them. More specifically, it’s about enriching the information from your own systems to understand the best ways of employing backup technology, as well as developing an orchestrated response in the form of a recovery plan. This is an important addendum, because if you don’t know what to do and when to do it — that is, how to recover at the right time — you’ll likely be spinning your wheels and wasting time.

Get Specific. Get Tactical.

Maturing BCDR to contend with a fast-moving threat landscape requires a multidimensional approach that transforms resilience not only at the strategic business level, but at the tactical level as well. By drilling down into the granular elements of every single system, piece of data and application that goes into a critical business process, you’re clarifying exactly how to secure it. Applying such tactics presents a tangible way to raise security awareness around crown jewels while enhancing the overall business strategy.

Tactics should also include hands-on-keyboard, step-by-step recovery plans that are operationalized to be tested and maintained programmatically to keep step with evolving threats and ever-changing business needs. Importantly, translating tactics to strategy enables your teams to approach the C-suite and demonstrate how fast you can recover, and also present a step-by-step process to do so.

Concluding Thoughts

Whether you own a small- to medium-sized business like my family, or you’re part of a global organization with a mission to protect billions, it’s never been more important to enhance business continuity amid a new climate of unpredictable, and frankly inevitable, cyberattacks. There are ample benefits, too.

For example, with increasing cyber insurance premiums and forthcoming policy limitations on state-sponsored attacks, evolving your recovery solution can present a distinct opportunity. Once implemented, such a solution grants you the ability to recover securely without making a ransomware payment. Therefore, enhancing your recovery capabilities, and in turn your organizational resilience, can offer a viable path to alleviate cyber insurance dependence.

Combined, these efforts can help you transition from weeks of chaotic recovery to days’ or hours’ worth of smooth and coordinated restoration to a secure state. When getting breached is only a matter of time, your ability to bounce back will keep you formidably competitive in the years to come. It all starts with a resilient mindset. Establish this approach, and resilient actions will soon follow.

Jessica Hetrick
Cyber Resilience Leader | Optiv
Hetrick is a senior cybersecurity leader with more than a decade of experience in crisis management, incident response and security operations. Prior to joining Optiv, she directed global incident response teams at Cisco during crises and provided strategic leadership to reduce risk and improve processes and procedures for global organizations.
