In recent blog posts we’ve been closely examining a recent Gartner report, Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack. The report recommends some excellent best practices for the preparation and planning phase, some of which we’ll look at in this post.
Your computer security incident response team (CSIRT) and business continuity teams need to work together to identify gaps in your organization’s response and recovery plans, develop a joint remediation plan, and develop a process for continuous improvement.
A crisis management team comprised only of continuity-minded executives will be inadequate to fully address serious business disruptions. You should consider adding CSIRT representatives.
Of particular importance, Gartner advises, both during and after a cyberattack, is how the crisis team manages communications to internal and external stakeholders.
A cyberattack will likely require your organization to respond in ways that are not “business as usual,” especially if IT services are compromised or unavailable. Expanding your CSIRT to include representatives from business recovery and disaster recovery teams will help.
“Adding a cyberattack as a scenario in the BIA,” Gartner says, “results in the one thing that most information security professionals don’t know as part of their spheres of responsibility: the impact on business operations due to the incident. The business should document the various life/safety, financial, reputational, regulatory/contractual and operational impacts on its operations if IT services are down due to a cyberattack. This is no different from a power outage or a fire that makes IT services unavailable and adds a much needed expansion of most BCM programs to 21st century operations.”
There’s no doubt any more, if there ever was any, that a cyberattack can result in major damage that may result. That’s why it’s increasingly important to establish a world-class response—one that’s integrated, coordinated by BC/DR and your CSIRT staff alike, and based on best practices. Gartner recommends conforming to international and national standards such as:
Many more best practices are explored in detail in the Gartner report—a free copy of which MIR3 is proud to be able to provide. Download Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack today.