Dave Shearmon’s blog “How should a Board of Directors and their advisors view Cybercrime Risk” opened up the discussion about how cybercrime and Business Continuity are viewed in the boardroom, and he should know: he is talking to boards and directors about this every day.
He focused on the most visible IT a company can have – its website, and he delved into some of the things that can happen when it is compromised.
This blog is both a follow-on and a response to some of his thoughts from a service provider’s perspective.
One thing we both agree on: cybercrime, however enacted, will happen. Nothing will 100% secure your IT from it happening, and in many cases it will remain undetected for some time. Developing a risk assessment of crime and its impact on a business at board level is essential.
As a service provider, Vissensa works with a wide range of companies in a diverse set of industry sectors, whose businesses are moving at varied paces and whose IT provision is at different evolutionary stages. So in short, we get to see the Business Continuity problem from soup to nuts.
When we take on a Business Continuity project, one of our key deliverables is to understand the risk profile of the company and work with the IT team and directors to ensure they understand the threats and recognise the right measures to have in place, so that their Business Continuity requirement reflects the processes in place protecting their systems and data.
“Closing the Gap” between an organisation’s belief in its current level of protection and the reality is sometimes the hardest battle to overcome. The battle is with those who hold on to the myth that because they back things up they are safe and the firewall will protect them, and with those who believe the bare minimum is OK and it’s unlikely to happen to them. Incidentally, when you ask the second group if they have house insurance, they do believe that it might happen to them, just not in the office!
I’ve rarely met a board of directors that believe they are backing too much up, and if I was to be honest, most don’t know if they are backing things up or not.
The real question that separates those who are ready and those who are at risk is: “How much of your systems can be recovered and how quickly could you achieve this?” The number of directors or business owners that can confidently answer this is depressingly low.
Dropping the backup and recovery piece into the cloud because everyone’s doing it, it’s easy and it relieves you of the responsibility is a real danger and very shortsighted. The tools and software to transfer information and images from your production systems to somewhere safe are widespread, well used and reliable. What’s missing is the “how” and the “what do I need to consider?”
This is where the problems can start: when the people implementing the Business Continuity plan are inexperienced, learning on the project and trying to cookie-cutter a plan someone else developed for a completely different set of issues – regardless of whether it’s on your site or in the cloud.
A plan needs an understanding of all the threats that need to be covered: from old hardware or software, applications which won’t run on the latest and greatest, and security-based considerations, through identifying key applications and data, to key users and those who have privileges that might make the organisation vulnerable.
Using an experienced Managed Service Provider who has a track record in working with organisations that have a tight security stance will make a massive difference in the ability to develop a comprehensive Business Continuity plan.
Vissensa, for example, builds in “black tests”: recovery tests that simulate a total failure of part or all of your IT. We run them a number of times a year, using your real data and restoring it into our cloud platform using a set of agreed and tested processes. The tests verify that critical access to your data is possible and confirm the time it takes to return to an operational status from your IT systems being unavailable.
Security Dialogue is a great example of a specialist company that works with Vissensa to extend the security provision an MSP can give clients. Collaboration between the right specialists and an experienced MSP ensures that when a Business Continuity plan is invoked, for physical, logical or cybersecurity reasons, the business can rely on the services supporting the business to be available within the prescribed timescale, and the IT teams can focus on the business issues rather than firefighting a broken or misunderstood recovery process.
For more information on Vissensa, our MSP services and our Business Continuity solutions, visit our Disaster Recovery and Business Continuity section on the website or contact us on 01252 216 560 for our guide on backup and recovery.