Cybersecurity as a Major Threat to Business Continuity
Our recent Business Resilience & Insights Report delves into some of the top trends in the business continuity landscape. The first half of 2021 saw significant cyberattacks shut down companies, making cybersecurity one of the most critical aspects of business continuity to focus on going forward.
National Security Council Guidance
Following back-to-back ransomware attacks in the U.S. in May 2021, the head of cyber and emerging technology at the National Security Council, Anne Neuberger, wrote a letter to private sector companies on June 3rd urging leaders to review their cybersecurity posture as a significant risk to business operations and resilience.
The letter outlined immediate steps companies can take to protect themselves from ransomware attacks, including best practices such as multifactor authentication, endpoint detection and response, encryption, and a skilled security team. In addition, companies should back up data and regularly test systems, as well as update and patch systems promptly. Neuberger also advised that companies test incident response plans and use a third party to test the security team's work.
Top Challenges to Cybersecurity Programs
Leadership buy-in
Many organizations operate reactively rather than proactively when it comes to cybersecurity. They may not invest in prevention until the first major breach occurs. Additionally, robust cybersecurity can carry a high price tag, though the cost to your company's bottom line and reputation will likely be far higher in the event of a breach.
Outdated systems
According to IBM, many organizations' existing infrastructure "may not allow for easy recovery because they were not designed to be resilient against destructive cyberattacks." Cyberattacks are constantly evolving, and what worked one year to prevent an attack likely won't work the next.
Skill shortages
There is a severe shortage of skilled cybersecurity workers. According to the 2020 Cybersecurity Workforce, there is a shortage of about 3 million qualified workers, affecting 64% of organizations. That means more than half of organizations may be unprepared to prevent or respond to a cyberattack.
Shifting to the cloud
Especially as a result of the pandemic, many companies had to take both internal and external operations online, exposing vulnerabilities easily exploited by hackers.
10 Steps Businesses Can Take
Here are ten steps provided by ISACA that businesses can take to be better prepared for and help prevent ransomware attacks.
- Understand risk profiles
- Realize data responsibilities
- Test for incoming phishing attacks
- Assess all cybersecurity roles on a regular, event-controlled basis
- Evaluate patches on a timely basis
- Perform regular policy reviews
- Leverage threat intelligence appropriately
- Protect end-user devices
- Communicate clearly with executive leadership and employees
- Comprehend organizational cybermaturity
Protect Your Business
Assembling an incident response team with cybersecurity training, educating employees, and performing emergency plan testing can significantly reduce the risk and cost of a data breach. These aspects are part of a holistic business continuity strategy and should be part of your business continuity plan to maintain operations for years to come.