Make a business continuity plan to achieve real cyber resilience
Cyber resilience cannot be considered in isolation, but should rather be considered within the context of the overall business continuity plan, says Cindy Bodenstein, Marketing Manager at ContinuitySA.
She says cyber resilience was chosen as the theme for this year's Business Continuity Awareness Week because of the growing threat of cyber crime, but an integrated response is vital.
"While we need to place more emphasis on making cyber systems more resilient, we do need to guard against seeing these initiatives in isolation," she notes.
The enduring lesson of business continuity's maturation over the years is the importance of looking at the organisation's risk holistically, and then developing a business continuity plan based on that assessment. Risks and their impacts have always been interrelated, and that interrelation has grown over the years. Properly understanding a risk, and how to respond and recover from it, requires knowing how it affects the rest of the organisation's processes and people.
In fact, this growing interrelationship is in large measure driven by the growing dependence of business and society on ICT for virtually every aspect of their functioning. It is another clear reason to treat cyber risk, and thus cyber resilience, as part of the overall business continuity effort.
Most organisations would accept this view, but in practice, too many of them continue to see cyber risk and resilience as purely technical issues, the domain of the CIO and the IT department.
"Obviously, technology has a critical role to play in securing ICT systems, but it is far from the only role-player. Arguably, it should not even be the main one," she argues. "IT professionals are unlikely to be risk management experts, and they are obviously not fully conversant with the minutiae of the business processes themselves, and how they interact with each other."
For example, she continues, IT professionals may effectively protect the enterprise systems while inadvertently leaving a "back door" open via an insecure mobile app or cloud service. And spending on the IT disaster recovery plan might not take into account the relative importance of the various business processes.
It is thus vital that cyber risk is integrated into the overall enterprise risk management process, and thus into the business continuity plan, to ensure the organisation is truly cyber resilient, Bodenstein concludes.
The concept of cyber resilience is being more fully explored during Business Continuity Awareness Week (15-19 May). Visit www.bci.org for further details and to see when ContinuitySA will be presenting Webinars. In addition, Continuity Mozambique will be hosting open days during this week, where clients can make an appointment to visit the site and view the backup facilities. For more information, please contact Cindy Bodenstein at ContinuitySA: +27 11 554 8000, www.continuitysa.com.
ContinuitySA is Africa's leading provider of business continuity management and related services. The company boasts some of the continent's most highly skilled and qualified business continuity and disaster management experts who help companies, organisations and government departments of all sizes prepare for and deal with all eventualities. These include potential threats, events, incidences and unforeseen or sudden disruptions due to human error or natural events.
ContinuitySA also provides a variety of hosting solutions, ranging from co-located to fully managed virtualised environments, with their primary focus being to ensure its clients are able to address the resilience and recoverability of their IT services. These hosting services are complemented by managed backup and recovery services, virtual server replication and high availability solutions to satisfy any level of continuity requirement.
ContinuitySA operates the largest recovery facilities in southern Africa. It has a number of recovery centres in southern Africa with over 20 000 square metres of recovery facilities in Midrand, Gauteng. Smaller sites have been located in Cape Town, Gaborone, Botswana and Mozambique, and a joint venture has been established in Mauritius.
ContinuitySA. Our business is keeping you in business. Additional information about ContinuitySA can be found at www.continuitysa.com.