






Dodging disaster: Cybersecurity and business continuity

By Stephen Cobb, senior security researcher at ESET


You know your company runs on data, and you’ve installed firewalls and antivirus to protect
your systems, but could your business keep going if the power went out? Or your Internet
connection went down for a day? Or your office was inaccessible due to flooding or some
other disruptive incident? For many organizations the honest answer is: That would
depend on the exact nature of the “incident” and how long it lasted.

Some companies do go out of business when they are hit with a disaster for which they have
not adequately prepared, which is unfortunate because the path to preparedness is
well-documented. Any company of any size can improve its chances of coming through a
disruptive event in one piece—with its brand intact and its revenue undiminished—by
following some tried and trusted strategies collectively known as Business Continuity
Management (BCM).

What is business continuity? Business continuity is the ability of an organization to continue
to deliver its products and services at acceptable predefined levels after disruptive incidents
have occurred.



Identify and rank the threats

• List potentially disruptive incidents that are most likely to threaten your business. For
example, in San Diego, where ESET is based, there is a relatively high level of
earthquake and wildfire awareness. But what about a data breach or IT outage?
What if a toxic chemical spill puts your premises off limits for several days?

• A good technique at this stage is to include people from all departments in a
brainstorming session. The goal is a list of scenarios ranked by probability of
occurrence and potential for negative impact.



Perform a business impact analysis


You need to figure out which parts of your business are most critical to its survival.

• Begin by detailing the functions, processes, personnel, places and systems that are
critical to the functioning of your organization. The BCM project leader can do this by
interviewing employees in each department and laying the results out in a table that
lists functions and key person(s) and alternate person(s).

• You then determine the number of Survival Days for each function: how long can
your business endure without that function before suffering serious impact?







Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
