Context

There are five emerging risks that Business Continuity has been facing since we came out of the Covid 19 pandemic. The first is cyber-attacks, a threat to highly digitized organizations that threatens the continuity of their operations.

Cyber-attacks have always been seen from the perspective of Cyber Security, keeping the Business Continuity team a bit on the sidelines. But when the cyber attack stopped business operations, alerts went off for Business Continuity leaders.

How can business continuity integrate this type of event?

In the Continuity Management, we have several elements that are modified with the incorporation of this scenario; let’s start:

1. Risk Analysis: Business Continuity Management needs to generate an approach with those responsible for Cybersecurity to know the risks that can potentially create an interruption of operations. When identifying these risks, one should know the impact from several perspectives: How will the organization’s income or assets be affected? What could be the reputational impact, for example, of a leak of sensitive data? What is the impact on contractual relations and regulatory bodies.
2. Business Impact Analysis (BIA) and CyberBIA: One of the main changes in BIA can be the recovery time objectives. Most technological recovery strategies focus on speed. However, for ransomware scenarios, for example, speed can work against us, as an infected file can quickly replicate itself in the Alternate-Data Center and contaminate our primary alternative.Therefore, it is necessary to rethink these times and prioritize those processes that focus on containing reputational damage.
3.  The Recovery Strategy: As explained above, it is possible that our Alternate Data Center may not be helpful in this scenario. Therefore, specific recovery technology solutions have been developed for this scenario. These solutions work as data vaults that keep isolated and secure the information that could use to recover from a data hijacking, so while the technological recovery and security teams recover the technological platform, the business processes can be based on manual processes to restore operations in a shorter time.
   

   
   As for the plans…

4. The Incident Management Plan: Wait a minute, which plan are we talking about? The cybersecurity incident management plan or the continuity incident management plan. Suppose our organization has a Continuity Incident Management Plan. In that case, it should define criteria to connect with our cyber incident management plan, with one primary purpose: When can the cyber-attack become a crisis? Well, here, we have to use our analysis and integration skills.
5. The Crisis Management and Communications Plan: If the cyber-attack becomes public, reputational containment will likely be needed from the Top Management. Therefore, within the communicational and strategic management of the organization, it must be defined and exercised how it will be responded to institutionally. Remember that the participation of the legal areas, corporate communications, and Top Management is fundamental to this plan.
6. Cyber Recovery Plan: This plan is specific and is added as an additional deliverable to the Disaster Recovery Plans (DRP).

Many companies have already been made aware of this situation, however, some are faced with the challenge of how to address the work to be done. For them, I hope this article will be helpful.