Knowledge and Insights

Thoughts on Cyber Threat and Business Continuity Management

Security Online

Evolving technology is affecting every organization.  We’re able to gather, evaluate and use information at a pace never before seen. The integration of global computer networks has removed past barriers to sharing information. “The cyber ecosystem (like natural ecosystems), comprises a variety of diverse participants – private firms, nonprofit organizations, government entities, individuals, processes, and devices (computers, software and communication technologies) – that interact for multiple purposes, according to the U.S. Department of Homeland Security.

Information sharing is simultaneously the cyber ecosystem’s primary benefit and threat. Private data is becoming increasingly accessible to criminals and bad actors. With cyber attackers growing more and more sophisticated in their methods and the number of data breaches on the rise, cybersecurity is top of mind in both public and private sectors.  Some believe it’s not a question of if but when you’ll fall victim to a cyber-attack. The numerous attacks on government agencies and large corporations in recent years have been serious and costly enough to prompt action at the federal level.

Last year, the Trump administration issued an executive order mandating that all U.S. federal government agencies plan, develop and submit formal cybersecurity risk management plans to help safeguard sensitive information. It promotes cyber risk mitigation across the entire government by holding every agency head personally responsible for network protection and requiring all agencies to modernize their information technology systems. In addition, each agency is expected to use the National Institute of Standards and Technology’s Cybersecurity Framework to enhance internal controls and data management.

Organizations of all sizes should make sure they’ve developed and can follow a resiliency and business continuity management (BCM) process in the event of a cyber, or, indeed, any disruption. BCM is a process that identifies all risks and vulnerabilities that could threaten an entity’s work-flow and provides a framework for building an effective response, ensuring continuance-of-operations and safeguarding the interests of key stakeholders, reputation, and value-creating activities.

BCM is needed because the effects of an emergency disruption or disaster, whatever the cause, are widespread. If a government agency or an individual company experiences a disruption, it can be devastating for the people who rely on its payroll, as well as its services. Large-scale disasters, like Hurricane Sandy in the Northeast U.S. or the recent Mexican earthquake can lead to multiple other emergencies and quickly put many organizations and businesses out of commission.

BCM (or lack thereof) is critical because it considers more than the initial emergency and entity. It helps address far-reaching effects on people/taxpayers, their families, and even various levels of government. It’s more than just preparing for a major incident—like a flood, a fire, an active shooter attack- it helps prepare an organization and its employees for almost anything. It takes into account what will be required to get the organization up and running as soon as possible and keep it and its employees working and contributing to the economy for the long term.

In order to make it work, stakeholders across the organization and its value chain should be involved: department managers, strategic planners, project and procurement teams, key suppliers, elected officials and boards of directors.

An effective BCM plan that stems from risk assessment and gap analysis can minimize the effect of a disruption on an organization, reduce the risk of financial loss, help retain reputation and brand, give staff and clients confidence in the organization and its services, enable the quick recovery of critical systems, and help ensure that legal and statutory obligations continue to be met.

For assistance with an assessment of cyber security or other risks that could impact your organization, or to discuss business continuity planning, please contact me at wbroudy@mercadien.com or 609-689-9700.