Yes, you heard it right. Today this is one of the biggest concern in any industry on whether we are Secure in terms of Cyber Attacks or is it going to cause us business problems or is it going to make us paralyze completely with its presence.
With the recent attacks that have happened wrt Ransomware, it is a clear indication that we need to be prepared. This has raised concerns about whether we are prepared with respect to the continuity of the business of any industry when this kind of attack prevails. Today it is good to see that people are more aware than a decade before. They know that it is going to come so prepare beforehand and prepare well.
While we are moving towards the world of DevOps this is becoming more crucial. With the regular Business Continuity program, the cybersecurity part requires a special attention as the effects of it are wide enough to cause you direct loss of money and reputation both.
There are various practices that are available to make us more secure. Now there are two ways to go by it. Either test it enough to gain confidence that it is robust to go live or get attacked. Monitoring your data/application is a major task that has to be taken into consideration and any incident which is related to cyber has to be given the same importance as any other incident as this might cost you money, data and most of all your reputation.
There should be policies on how to handle this kind of attacks and also make sure that your management is well aware of this kind of risk which is involved.
The first and foremost thing is that your management and your team should be aware of the importance of the cyber-security in your business continuity program. They should be well educated on the importance of loss of data and the reputation that this kind of attacks can bring along and how it is their responsibility as well. Engage with regular training of the developers, infrastructure team and of course IT team on security and send them this message that you and the organization are concerned about it and don’t want it to happen. It is like providing your family with vaccination to avoid any kind of diseases.
The plan should include how well you are able to respond to that attack if you are the victim. Identification of the attack and then fully recovering your network and data back is really crucial and the most important task and believe me that it is a very difficult task.
Performing a proper impact analysis beforehand accounting you’re your critical assets and the data stored within is a very good activity that should be done. This is important as we should be well aware of what drives our business and whether it is safe. Analysis of the Impact on the revenue, if these attacks happen, is the most crucial part here. We should be aware of what will help us continue our business in the times of terror.
Above all, the most important thing will be on how you will keep up with your reputation while you are under attack. This is a part of the incident response on how effectively this communication happens with the external world as well as the internal stakeholders. Involving your PR team in this is a good idea to ensure that the reputation and the communication are well handled.
BE SAFE and prepare well.
-Article by Amit Kumar Sharma