To be resilient, you need more than one.
Please Note: This is the final article in a series.
You bought the best in security prevention and detection software your organization can afford and you’ve educated the entire workforce on best practices to recognize malicious emails and web links. You feel your company’s sensitive information is safe from the Big Bads of the cyber underworld. (High five!) But you've begun to wonder what you would do if your network shows signs of an attack or, more critically, a breach. Who will make the determination that you’ve been compromised? Who needs to be notified and in what order? Who executes what role during the response? How will the business continue to operate? Do you have a plan in place or are you counting on your team, including your executives, to instinctively know what to do?
To successfully survive a security incident, you need not just one plan but rather three plans: business continuity, disaster recovery, and incident response. On the surface, they all seem to be very similar, so what are the distinctions and why are all three important? Because in practice, they each build upon one another and collectively ensure the protection and restoration of your critical business functions. Think of a business continuity plan as the bigger picture, and disaster recovery and incident response plans as two key mechanisms in preserving business continuity.
Business Continuity Plan
According to the Business Continuity Institute, business continuity “is about building and improving resilience in your business.” A business continuity plan (BCP) is a proactive process that identifies and documents the key business processes of your organization, potential threats, and the steps needed to recover and restore them during or following a disaster. BCP threats include, but are not limited to, natural disasters, terrorist events, virus outbreaks, and technology-related events. Once a BCP has been constructed, a disaster recovery plan can be designed.
(9 Critical Functions of Your Business Continuity Plan from Forbes)
Disaster Recovery Plan
A disaster recovery plan (DRP) is a reactive process that identifies critical information technology systems, their threats, and the necessary steps to recover data, software, and even hardware. DRPs shouldn’t focus only on cybersecurity events; they should also include contingencies for unexpected loss of human resources. What good is a plan that relies on people if those resources are unavailable to help execute the plan?
(10 Principles of an Incident Response Plan from Harvard Business Review)
Incident Response Plan
In conjunction with BCPs and DRPs, an incident response plan (IRP) provides an added layer of protection and remediation. An IRP is a strategic plan for the security of services, transactions, and data. Its main goal is to identify cyber incidents, reduce their impact, and ensure the recovery of affected systems. IRPs walk through the process to follow in real-world incident scenarios, including data breaches, denial of service (DoS) or distributed denial of service (DDoS) attacks, firewall breaches, virus or malware attacks, and insider threats.
(5 Disaster Recovery Plan Essentials from TechTarget)
The best way to ensure minimal loss of data is to conduct practice drills for each plan and continuously re-examine and redefine the process. This will help you quickly identify threats, shorten your response time, and ensure a fast recovery of your organization’s critical business processes and key infrastructure.
When the time comes that you see the warning signs of a threat to your business, you’ll want peace of mind. Not the kind that says everything is OK, but the kind that reassures you that you have a process in place to handle the situation. Your organization will be prepared because you know prevention and detection are just two parts of the cybersecurity equation; planning for identification, response, and recovery completes the cycle. Together they make your organization resilient.