The threat is real, difficult to manage and requires specialist knowledge to protect the business, monitor the threat and handle the incursion.
What’s more, all the evidence points to a rapid growth in the sophistication of attacks and an increasing difficulty in countering the threat. So what is the role of the business continuity professional in a world where the teenage hacker, cyber-criminal and cyber terrorist prevail?
The impact is on the Business
Put aside the complex technology knowledge that’s required to understand the micro details of an attack and take a look at the business implications and the disruption that occurs. Denial of service attacks, loss of data, fraud, criminal activities etc. all impact the day-to-day operations of a business.
From reputational damage to loss of services, there can be significant impacts, and it is easy to predict that the response requirements will go far beyond the technocrats. This means that continuity planning needs to ensure that the events and impacts are not lost in a world of IT acronyms and cyber specialists but have a business focus based on impact and risk.
Make the difference between “them and us”
But don’t forget that whilst the media loves a good cyber story, evidence still points to insider issues (and supply chain weaknesses) driving or contributing to data loss and hacking incidents.
Take TalkTalk as a recent sizeable example in the UK from October’s list of “victims”. For a reported third time in 10 months they have been the target of hackers, and at a professional level there may be at least a degree of sympathy or even thankfulness that “it’s them and not us”. The reality is that data is valuable, it interfaces with core business activities, and any threat to it or the aligned processes is a threat to the business.
Testing ideas, raising awareness and integrating response teams across the technological/business divide are all objectives for cyber exercises, but if well run they should also help to build corporate understanding of the value of the assets and of the threat that cyber crime poses to core business activities.
Or to put it another way, a well-run exercise will help to validate and promote the Business Impact Analysis. At Corpress we believe it is time for the Business Continuity Profession to actively participate in the cyber debate, so we have released guidance for the BC professional on running cyber exercises. Contact us at Contact_Us@corpress.uk if you would like a copy, and let us have your thoughts on the subject.