If you’re interested in building your organisation’s ability to withstand cyber-attack (and who isn’t?), then you should make sure you understand that testing is your secret weapon in creating a proactive, effective strategy.
By Wayde Anderson, Client Manager, ContinuitySA
Most organisations fail to appreciate the importance and benefits of testing when it comes to business continuity and cyber resilience.
At ContinuitySA, by contrast, we live and breathe testing because we know that the only way to ensure that a business continuity plan works is to test it rigorously and frequently. A disaster is no time to find out that the plan has serious flaws.
Rehearsals are critical, but testing is much more than that. The often-overlooked benefit of testing is that by feeding the results of each test back into the business continuity plan, the plan becomes better in every way.
The same logic holds good when it comes to cyber resilience, which was chosen as the theme for this year’s Business Continuity Awareness Week because cyber security has emerged as the No. 1 threat that keeps CIOs, security officers and, increasingly, directors and executives awake at night.
Just to remind ourselves why that is: the Business Continuity Institute’s Cyber Resilience Report revealed that two-thirds of organisations had experienced at least one cyber security incident during the previous year, and 15 percent had experienced at least 10. As one speaker at a recent seminar said, “There are basically two types of organisation in the world today: The first has been a victim of cybercrime and is aware of it… the second is simply not aware that it is a victim.”
So, improving your ICT system’s ability to withstand an attack, and to recover from it if your defences are breached, is eminently sensible. The first order of business is clearly to ensure that cyber security is integrated into the business continuity plan, and thus into the regular testing cycle.
Testing, and particularly crisis simulations and penetration testing, helps identify weaknesses and refine the business continuity plan. Incident management, which naturally forms part of a test, also contributes to cyber resilience because, as numerous examples show, how an unexpected incident is managed is critical to limiting the damage it causes, in both the short and the long term.
In short, testing your cyber security measures will initiate a virtuous cycle of improvement, acting as a training regime to keep your cyber security in peak condition, and thus building resilience to even the unexpected. Crucially, it enables you to take a proactive stance against cyber criminals, to be prepared for whatever they do.
You could say that testing is your secret weapon in the fight against cybercrime.
Explore the concept of cyber resilience more fully during Business Continuity Awareness Week (BCAW2017) [15-19 May].