© 2020 Content Security Pty Ltd.

Cyber Resilience: Take action before disruption

If there is one thing that our experiences over the past few years have taught us, it’s that the organisations who are best able to quickly recover and continue operating following an unexpected incident or disaster all have one thing in common: established contingency plans.

By formalising and testing plans for business continuity – day-to-day and during an incident or disaster – organisations can ensure critical functions are maintained or restored efficiently in the event of a disruption. And we all know, now, that it’s not a matter of if we will experience major disruption, but a matter of when, and more importantly “are we prepared?”.

Every organisation should consider what elements of the business are essential to their survival, what are the key parts that deliver on their mission and enable them to function. These may include physical assets, information assets, business processes, specific roles or individuals, or any combination thereof. Then, having defined these critical elements, the business can prioritise (potentially limited) resources, should a major disruption occur, and target their recovery first.

Mature organisations all have three underlying plans in common:

  • Business Continuity Plan (BCP)

  • Disaster Recovery Plan (DRP)

  • Incident Response Plan (IRP)


Business Continuity Plan (BCP)

The BCP is designed to help your business respond to, manage, and recover from disruptions. The BCP will define the key assets, roles, responsibilities, and processes required by the business to ensure ongoing operations. The BCP may also define which specific plan(s) to invoke depending on the type of disruption (e.g. DRP or IRP). This plan should be used proactively, ensuring that continuity considerations and activities are embedded throughout the organisation in regular processes. As such, it should be periodically reviewed and updated as the organisation and its continuity requirements evolve over time.

Disaster Recovery Plan (DRP)

The DRP is a formal document that describes the steps required to guarantee your business operations continue in the event of a major disruption. The plan should define the key individuals and teams required, their roles and responsibilities, and the process to follow to recover critical operations as quickly and safely as possible.

The DRP should also specify recovery objectives for all critical assets and functions (these may be specified in the BCP or within DRP itself) that will minimise the loss or impact to the organisation, including:

Recovery Time Objective (RTO) – how long the business can operate without this key asset. For example, a retailer may be able to sustain operations without logistics for a day or two, but only a very brief (i.e. hours) downtime of their point-of-sale systems or online store.

Recovery Point Objective (RPO) – how much (of the information or product of this asset) can the organisation tolerate losing. For example, a stock trading business may be able to afford the loss of days or even weeks of public website analytics information, but even a few moments of lost transactional data could have a disastrous impact to their organisation.

While this plan will be used reactively (i.e. triggered by a disaster event), to ensure it is effective in a real disaster scenario, organisations should periodically test their DRP to ensure staff are practiced and prepared, and that the DRP is updated to close any identified gaps.

Incident Response Plan (IRP)

An IRP formally defines how the organisation will identify, manage, and respond to an incident. It should have clear guidance on when this plan should be enacted, which teams or individuals are required, their responsibilities, and key steps to follow.

An effective IRP will cover the entire incident life cycle, from detection, triage and classification through to post-incident activities and reporting. For an organisation to be truly prepared, the plan must also be tested periodically, this ensures that your people have walked the steps and will be better practiced should a real incident occur. Testing and periodic reviews also help uncover areas that can be improved and potential gaps in documentation.

With the changes going on in the world, along with how we work with others, it’s more important now than ever before to consider where the critical elements of your business are, and how to manage disruptions to them. Through effective planning, and practice, you won’t get caught on the back foot for the next major disruption and your team will be ready to recover and maintain operations efficiently, thereby minimising impacts, interruptions, costs and damages of any future disaster or crisis that may occur.

Don’t wait for the next pandemic or cyber-attack, take action now! Be prepared and practiced and when the next major incident hits, you’ll discover how resilient you can be in the face of adversity.

Content Security have developed a Cyber Resilience methodology to deliver effective planning, testing and continual improvement, leveraging several industry standards (primarily ISO22301, ISO27031, ISO27035, but also standards from NIST, ACSC and APRA among others). 

For more information please contact our cybersecurity professionals today.

Recent news