Cybersecurity gets a bit of a bad rap. From being called “The Work Prevention Team” to simply being an afterthought, it’s seen as a necessary evil by many. In my career I’ve sat around a few boardroom tables and heard the phrase, “Didn’t we do cybersecurity?” spoken with some disdain, float across them. In most cases, we fully understand the need to protect ourselves from hackers and malicious actors. We fully understand that a breach will have an impact on our business. Still, the function of cybersecurity is not often considered as core to the business itself.
I want us to change how we think about cybersecurity and focus on what it delivers for the business, when done well. Let’s think of the simple scenario of two businesses in the same market space. They are both of similar size and rate of growth. It’s a buoyant market with plenty of opportunity for both companies. One of them is breached by a hacker. Systems are damaged, and data is stolen and exposed, damaging the reputation of that organisation.
Now, you may be thinking that your organisation has nothing to hide, but that doesn’t mean reputational damage cannot occur from the data your company holds. Someone will always take umbrage at something your company does. Exposure of customer data, no matter if everything leaked is already in the public domain, will reflect on your company’s ability to keep the information shared with it safe. There is no scenario where a breach is seen as a positive thing.
There is an argument that it shouldn’t be seen as negatively as it regularly is. After all, those people who’ve ever attended any cybersecurity conference will know, “It’s not if, it’s when.” A breach is considered an inevitability but that doesn’t mean a total breach is unavoidable – more on that later. Currently, however, a breach is still news and news is sensationalised to win eyes and ears.
Back to our breach. One of our organisations has been hit by attackers and their reputation has been impacted. The teams inside that business are running around trying to eject the attacker, close the holes that allowed their attack, establish the scope of the breach and bring the damaged systems back to fully operational status. It’s basically like trying to juggle with knives when you’ve planned for juggling with knives but never really had the opportunity to practice (in many cases).
In this scenario, you can imagine that the business of business isn’t happening, or is happening at a much reduced rate. If the impact is significant, it’s possible the business fails over to a paper-based approach to ensure essential business continues while the digital systems are out of action. This will take some time to get to a productive level of operation, regardless of planning and practice sessions.
All in all, the breached company is struggling to keep moving forward while our other organisation is breezing ahead. It may be picking up a few new customers as well, much to the disappointment of our breached team. Customers, once lost for cause, are many times harder to reacquire than they were to acquire in the first place.
The TL;DR (Too Long; Didn’t Read) is that a breach is going to do far more than just impact your IT systems; it’s going to hamper your ability to do business.
With that in mind, I hope it’s clear how fundamental cybersecurity is, and how it features as a key aspect of any business resilience or business continuity plan. I urge you to make cybersecurity a part of your business fabric and place it first among equals when planning anything. It’s so much easier to incorporate cybersecurity from the start than to add it later. Change the wording from “How do we do this and secure it?” to “How do we securely do this?”.