
Cyber Incident Response & Operational Resilience—COVID-19 Era Long-Haul Strategies


By and large, we have made it through the initial crunch of the coronavirus pandemic. In incredibly short order, many organizations provisioned countless laptops and mobile devices and configured cloud networks and VPNs to facilitate work-from-home on a scale most of us never fathomed.

Typically, business continuity plans call for running a business under an emergency protocol for a limited period, after which normal operations are restored. However, the COVID-19 pandemic has resulted in an unknown period of remote working and severely altered modes of operation. To make matters even more challenging, organizations should anticipate the possibility, and, according to many infectious disease experts, the likelihood, of cycles in which employees fluctuate between on-premises and home-based work as virus infection activity peaks, declines, and peaks again.

Due to high levels of remote working, most organizations’ security postures have been weakened. Cybercriminals are aware of the opportunity, and the increase in phishing, ransomware, and other cybercriminal attacks certainly reflects this awareness.

To manage the crisis, many companies are invoking large portions of their business continuity plans. But never in my career have I seen a business continuity plan that anticipated this scenario; however, here we are. How should we ensure cybersecurity protocols, incident response readiness, and ultimately, resiliency in our organizations in the face of a protracted crisis where uncertainty is more the rule than the exception?

To bring clarity to the remainder of this discussion, I need to characterize three terms: cybersecurity, incident response, and operational resilience.

Cybersecurity is the convergence of people, processes, and technology to protect organizations, individuals, networks, devices, and data from digital attacks and theft.

Cyber incident response is directed by an incident response plan, a set of instructions to allow an IT team to detect, respond to, and recover from network security incidents including cyberattacks, data theft, and network or system outages.

Operational resilience is a carefully assembled assortment of approaches that allow people, processes, and information systems to adjust when confronted with changing business conditions. Typically, an effective business continuity plan directing the quick return of a company’s systems to functionality is critical to operational resilience. Though many organizations have great business continuity plans to address fire, floods, storms, and other acute emergencies, few have addressed the evolving crisis inflicted by the COVID-19 pandemic.

In short, cybersecurity measures protect your organization, incident response plans enable an effective response to inevitable cyber incidents, and operational resiliency ensures recovery when an unpredictable emergency strikes. By asking yourself the right questions and developing the right action plans, you can better secure your organization come what may.

Cybersecurity, Cyber Incident Response, and Operational Resilience Preparedness Questions

Cybersecurity Questions

The following are a few cybersecurity questions to ask yourself. For a more complete cybersecurity question list, click here.

  • Have I acquired and internalized the necessary at-home working guidance?
  • Do I understand the remote environments in which employees are operating?
  • Does my business have a means of authenticating communications with employees?

Incident Response (IR) Questions

These are just a few important IR questions. For a more complete cyber incident response list, click here.

  • Does my IR readiness plan fully account for a largely or completely remote workforce?
  • Have I tested my cyber incident response plans? Is the test still valid, given the current operational context and modes of working?
  • How will I maintain critical communications with my staff, customers, and other stakeholders?

Operational Resilience Questions

Ask yourself these sample operational resilience questions. For a more complete operational resilience list, click here.

  • Do I understand what my business-critical processes and operations are and where the single points of failure or stress points are for each?
  • Do I understand how my staff is working and what tools, systems, and networks they are using—both official and unofficial?
  • Does my current business continuity plan cease to work at some point? What is the plan as we approach that point? How might the remote working constructs in the supply chain (upstream and downstream) affect my business?

These are complex times, requiring a great deal of thought and technology resources. If you need help improving your cybersecurity, cyber incident response, and operational resilience, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com.