Cyber-security: Looking at the big picture is critical

Four key components for an effective strategy to secure your ICT systems and data and ensure business resilience.

By Jeremy Capell, Head of Advisory Services, ContinuitySA

We all know that cyber-crime is a real and growing threat. The big question is how to develop and implement a credible strategy for enhancing cyber-security, and provide the business resilience to aid recovery in the event of an attack.

In my view, there are four key components to such an approach, but they have to be seen as a continuous, mutually reinforcing process:

Implementation: Create security and governance policies, and complete technical tasks such as configuring firewalls.

Assessment: Establish what standards need to be complied with. This also includes technical activities such as performing a vulnerability assessment and doing vulnerability testing.

Monitoring: The first two components take place at a particular moment in time, and thus a new vulnerability could emerge the following day. Monitoring provides the missing continuous oversight. It would include observing sites on the Dark Web, where hackers boast about their exploits and even post hacked information, checking whether traffic from the known “bad guys” is directed at the company websites, and constantly watching for new threats.

It provides the early warning that is so preferable to actually suffering an attack.

Response: When a breach occurs—as it probably will—it is important to have a response plan in place. It will include technical actions, but the business response must also be thought through. Included here would be protocols and plans for crisis communication, as well as procedures if the breach affects regulatory compliance. The quality of the response can determine how severe the impact is on the business over the long term.

Two final points. One is to consider specialist insurance because it usually comes with help from the insurance company for the response phase—it is in their best interest to limit the damage. Lastly, few companies can do it all: an independent consultancy can offer the overarching help that could spell the difference between success and failure.

For more information on how ContinuitySA can assist you with your business resilience requirements contact us.
