Effective business continuity requires evolution and a plan – TechTarget

Organizations have been left reeling from a flurry of business crises over the past two years. Data breaches, natural disasters, economic turbulence and the COVID-19 pandemic have many concerned about how they will withstand additional events in the coming year.
In FTI Consulting’s recent Resilience Barometer survey, business leaders in Germany cited a long list of scenarios they’re concerned will harm their business in the near term. Nevertheless, efforts to prepare for such events continue to be underprioritized. The survey found that 65% of respondents agreed with the statement that their organization struggles to adequately plan for an increasing number of crisis scenarios. Only one-third said they’re investing in updated business continuity (BC) plans.
What’s particularly interesting about these figures is that many organizations are making a significant investment in cybersecurity by adding internal and external resources to safeguard their systems and prevent attacks. This is important progress, as cyberthreats present some of the greatest risk to organizations across financial, regulatory compliance, operational and reputational resiliency. However, no system can be 100% secure 100% of the time — intrusions will still occur. Moreover, cyber-risk aside, there are countless other crisis events that can disrupt and cause significant harm to a business.
The key to reducing these risks is to invest adequately in BC plans, as well as refresh and modernize IT infrastructure. Unfortunately, many decision-makers within a corporation view IT as a cost center and a top target when budgets must be cut.
Many businesses simply bolt on new tools as the business grows without investing in a holistic refresh of systems. This creates an unwieldy IT landscape that can be very difficult to restore if systems are shut down or put under stress during a major incident. This is a common but serious misstep, as IT resilience is critical to keeping everything within an organization up and running, especially in a crisis.
For example, one FTI Consulting client had an IT landscape that hadn’t been updated for more than 40 years. As the company grew organically and by acquisition, the IT infrastructure was never integrated or updated. Instead, more and more systems were added over the decades. When the company was faced with a large, high-stakes investigation, they had no map of internal applications and systems that potentially contained important or sensitive data. This led to a lengthy and costly investigation, and exposed the company to unnecessary risk.
In another matter, a client’s business was completely shut down for more than three weeks following a cyberincident. The attacker encrypted all the client’s systems and, because the organization didn’t have a working BC plan, it was impossible for business operations to continue until the incident was fully resolved. For this client — and many organizations like it — a lengthy standstill spiraled to severe business consequences, including potential insolvency.
These examples illustrate that surviving a major crisis requires a robust BC plan and countermeasures that are up to date and supported by a sophisticated IT infrastructure. Business leaders must rethink their IT strategy to ensure their organization’s systems are modernized and resilient enough to withstand a wide range of disasters.
There are five steps organizations can take to shore up the gaps in their IT infrastructure to ensure operations can be quickly and wholly resumed in the wake of a significant cyberattack or other major disruption.
Organizations need to know what IT systems are in use, how they’re used and accessed across the business, and what kind of information is stored within them. Creating and maintaining an up-to-date map of the IT environment will inform teams of what functions rely on legacy systems and what parts of the internal landscape are likely to be the hardest hit during a crisis.
IT and cybersecurity teams can work with other business decision-makers to assess risk levels for each system. This involves comparing the organization’s business model against the IT infrastructure to determine which systems are mission-critical to operations. During the risk analysis, key considerations — such as whether the organization can survive without email for a week, what systems are regularly backed up and what systems are cloud-based vs. on premises — should be weighed and addressed. Organizations may want to assign tiers to each system to define which ones must be restored the fastest.
It’s often the safest course to colocate critical systems or keep certain backup systems offline. Ensure the colocation isn’t connected to the corporate network via Active Directory and that it’s segmented from other systems, as compromises can occur if the colocation is the primary environment for data storage and has a connection to the corporate network. Colocation lets organizations bring the most essential systems back online and continue operations, even if core systems have been breached or otherwise disrupted.
Many organizations keep backups, but backups aren’t always frequent enough to provide effective recovery. The backup and recovery strategy should be closely evaluated and refreshed to support business continuity. Key considerations include the frequency of backups (daily, weekly, monthly), what resources are needed to enable a quick recovery if something goes wrong, and which outside providers should be contracted to provide servers, other hardware and recovery services in an emergency. In addition to these considerations, best practices should include protecting access to backups through multifactor authentication, storing copies of backups offline or offsite, and testing the integrity of backups on a regular basis.
One of the most common ways security, governance and business continuity can be undermined is when the IT practices of acquired companies aren’t properly vetted or integrated. During an acquisition, it’s important to evaluate the target’s BC plans and IT landscape and to create a detailed plan for integration or remediation after the transaction has been completed.
Business risks are becoming more frequent and severe, and no organization can ever be completely insulated from a crisis. A plan for business continuity is paramount and starts with taking care of IT. IT teams are often under immense pressure to deliver results but with limited resources. Organizations need to understand that strong security safeguards are only part of the puzzle and that investing in a modern IT infrastructure that enables a plan to rebound quickly after an incident is just as important.
Renato Fazzone is a senior managing director at FTI Consulting and has worked exclusively in the technology field since the early 2000s.
David Dunn is a senior managing director and Head of EMEA Cybersecurity at FTI Consulting. He is an expert in data privacy and cybersecurity resilience, prevention, response, remediation and recovery.