Latest trends: Rethinking business continuity planning and cybersecurity

Over the past year, organizations of all sizes had to contend with significant changes, challenges, and adapt business processes. This came with increased cybersecurity risks. Even now, as we slowly transition to a ‘new normal’, the cybersecurity landscape is anything but certain and organizations often find themselves playing catch up with this evolving threat landscape. This is very clear if you look at the cybersecurity trends that are emerging from this new post-pandemic era. Even so, business continuity planning and cybersecurity essentially remain in separate silos. Yet the changes in the IT and cyber threat landscapes call for organizations to urgently rethink and adjust their approach to include cybersecurity as part of their business continuity planning. In this article we consider 4 trends highlighting the need for cybersecurity to form part of business continuity planning and conclude with some tips on how to integrate cybersecurity in your business continuity planning. 

1.   Cybersecurity practices have become more difficult to manage as a result of COVID-19

2.   Cyber-attacks are likely to be more destructive

3.   The demand for remote work will increase and so should remote working security

4.   Ransomware and phishing will remain primary risks in 2021

5.   How to include cybersecurity in your business continuity planning 

Cyberattacks leveled at digital infrastructure are one of the most common global threats. According to the World Economic Forum's Global Risks Report 2021, cybersecurity failures are considered the fourth most likely short-term risk that will develop into a critical global threat. Ransomware was furthermore responsible for one in four attacks that X-Force responded to according to the IBM Security Report. A disturbing trend was also seen in the form of double-extortion attacks. These ransomware attacks entail cybercriminals first exfiltrating before encrypting the data. In fact, 59% of the cases noted in the X-Force Threat Intelligence Index 2021 report used the double-extortion strategy.  

1.   Cybersecurity practices have become more difficult to manage as a result of COVID-19    

Remote working and cloud-based services blur traditional security perimeters and cybercriminals have fast taken advantage of any door a company or its employees left open while trying to manage security practices remotely. Cybercriminals used the increased digital footprint and traffic to find vulnerabilities, to embezzle money or to launch Covid-19-themed attacks. In this new and unfamiliar environment, cybersecurity professionals must aggressively confront the risks by, for example, scrutinizing the digital capabilities of their critical business functions to ensure they can withstand a cyberattack. The best way to do this is to include cybersecurity as part of your business continuity strategy. 

2.   Cyberattacks will become more destructive      

A comprehensive approach to and integration of cybersecurity into business continuity plans have become vital as cyberattacks are evolving and becoming more advanced. As these attacks are evolving, they also become more destructive by disabling access to systems and data or even destroying infrastructure. The reality is that organizations of all sizes are a potential target of cyberattacks. Small and medium enterprises (SMEs) are frequently used as a springboard in preparation for breaching larger organizations further down in the supply chain. Detection, prevention, response and recovery are crucial to protect businesses against the impact and consequences of cyberattacks and data breaches. It is no wonder that the World Economic Forum has rated cyberattacks the top risk for doing business, second only to natural disasters.

3.   The demand for remote work will increase and so should remote working security 

As organizations embrace remote and smart working, enterprises are having significant challenges to protect and ensure secure access to their networks. This calls for an urgent rethink of their current cybersecurity approaches to develop countermeasures and embrace the zero-trust architecture to combat remote working threats. 

4.   Ransomware and phishing will remain primary risks in 2021 

Although cybercriminals have doubled down on ransomware and phishing, it is anticipated that deepfakes and disinformation will also become major threats in the future. For example, very recently affiliates of the Russian hacker group, REvil, infiltrated Florida-based managed service provider, Kaseya, and deployed a ransomware attack. They seized a vast amount of data and demanded $70m in payment for its return. This attack is already being called “the biggest ransomware attack on record” and has affected hundreds of businesses globally, including supermarkets in Sweden and schools in New Zealand. Being prepared for events like this is no longer optional. This means having a business continuity plan that includes cyber resilience to ensure you not only survive a cyberattack but can rapidly return operations to normal.

5.   How to include cybersecurity in your business continuity planning  

Cybersecurity is a critical part of an organization’s business continuity plan and as such it is crucial to include a strategy to reduce cyber risks in business continuity planning. Such a strategy will see collaboration across different departments and ensure a timely plan is in place to respond to potential attacks. Aspects such as involving a cybersecurity team, embedding basic security controls, ensuring that emergency access is granted and automating your business continuity plan as far as practicable are indispensable considerations for proper planning. With that said, training and effective communication should form the foundation of business continuity planning as your plan is just as strong as your weakest link (employee).

As cyber-attacks continue to increase, organizations must ensure that efforts to secure operations are aligned with procedures to support and restore these operations in the event of a cyber-attack. Plan4Continuity’s unique cloud SaaS solution can create disaster recovery and business continuity plans in the cloud as live applications. It includes functions such as automated, real-time communication to all users via email or mobile phones, broadcast and roll call management, and real-time evidence of responses to and measures taken during a ransomware attack.

You might also be interested to read:

PLAN4CONTINUITY PLAN OF THE WEEK: IT Quarterly Checks

Return to the office post-COVID-19: Ensure a healthy workforce and safe office environment