Can your business function without IT? IT is the nervous system of modern business, moving data up and down the backbone of every concern of any size. From enterprise resource planning (ERP) to payroll to word processing and spreadsheets, computing is ubiquitous and second nature to the workforce. As part of a network, backed up to remote servers, or operating in the cloud, IT is pervasive and necessary to the successful function of commerce worldwide. IT has become entrenched in the business universe because it increases productivity and reduces costs while enabling worker collaboration, sales support, automation, and more.
And yet, for decades now, cyber operations have been vulnerable. Originally a moth was enough to gum up the works, but software bugs have existed from the first written program. Viruses have been with us since the early days of ARPANET. For years, data has been protected through backups and encryption, and, with the prevalence of networks and the internet, firewalls and intrusion detection systems.
Cyberattacks often end badly
This sort of protection is necessary because cyberattacks often end badly. According to the Cyber Readiness report by the British insurer Hiscox, nearly half of all companies reported a cyberattack last year, with one in five saying those attacks threatened their solvency. Sixty percent of small businesses won’t survive one. A network that can be managed remotely can be accessed by bad actors.
Threats don’t even need to be the result of evil intent. Many are, from last year’s Colonial Pipeline ransomware hack to the attack on the automation software provider Kaseya. Most recently, a Russian denial-of-service attack hit 13 US airports. But there are hackers who are hobbyists, too, who can cause trouble without intending to. If they can get in, so can someone else. What a hobby hacker might find could also have been found by a bad actor; IBM famously discovered that it can be 206 days before a security breach is found on an organization’s servers.
Your employees can be a cause, too. They may not be using the system properly, or have more access than they should have and cause problems accidentally. “You’ve got mail” might as well be subtitled “you’ve got malware.” Employees can be trained to avoid the obvious issues, such as easy-to-hack passwords, but that isn’t enough. The pandemic put more workers at home with access to company systems from home networks that are often less secure — as is any environment where workers can bring their own devices.
A cybersecurity violation may be unavoidable even with constant attention and staying abreast of the latest news. The ability to handle these problems quickly is not certain, and they are many. Downtime can affect every system or department that relies on company computers, servers, and networks. Operations can grind to a halt without the ability to control production, which can incur costs from missed delivery dates to the expense of solving the cybersecurity problem and the overtime for catching up. Compromised data — identity theft, corporate secrets, and more — can be the heaviest burden of all. Any of these can metastasize from the original small problem.
Business continuity to the rescue
With the stakes so high should cybersecurity be violated, planning for business continuity and disaster recovery is necessary. Updates should be kept current, security software used, and a reliable backup plan implemented. Most operations are already doing this.
Business continuity (BC) is the process of keeping the company going after a disruptive event. Cyberattacks are definitely disruptive. Disaster recovery (DR) planning identifies and delineates the steps to take to overcome a disruptive event. Undertaking a BC/DR plan should be a high priority for any company with any reliance on digital technology at all.
Business impact analysis
The process should begin with a business impact analysis (BIA). Companies can do a BIA for their entire organization, but it would make sense for a CTO or IT manager to conduct one strictly for IT. Nonetheless, it will involve every department in the company that works with a computer. That’s because how they function will affect the plan — and might also reveal worrisome unanticipated practices.
The BIA should identify all systems and functions. Any computer or node is a risk, even the digital camera that uploads photographs for employee ID badges. When you’ve inventoried everything, build a plan for securing those devices, networks, and systems in the event of an attack. Organizing the plan into a checklist will make it easy to follow when disaster strikes — whether ransomware or a denial-of-service attack. Test the plans with a tabletop exercise with a third-party facilitator; have representatives from each department walk through the recovery process and who does what. This will find flaws and omissions in the plan that can be reworked and retested. It’s finished when every department signs off, but don’t stop there. Repeat the process often; it’s the shampoo that will keep the business running as safely as possible and bounce back from anything anticipated.
BC In The Cloud
Infinite Blue’s BC in the Cloud handles this. It provides an easy-to-learn-and-use relational database that users can plug most of their assets and concerns into right out of the box. It’s customizable, letting a CTO or IT manager (or a marketing manager) enter data, assess the risk of each item, and access the latest data from a desk or half a world away. It scales, too, so a division can use it or an entire global enterprise.
Ignore BC/DR for IT, and the bad things discussed above can and will happen. In fact, they’ll be worse. Don’t overlook the slightest possibility. An employee’s personal Google password compromised Cisco! With the entire company in jeopardy, half-hearted solutions must be avoided. A systematic plan will provide the resilience necessary to withstand intrusions and errors, and a commitment to implementation and revision will keep that plan fresh. Any company with a BC/DR plan should be working toward its next revision; any company without a BC/DR plan should start now.
Everbridge provides customers with a complete solution that digitizes organizational resilience. As a leader in the field, Everbridge offers a suite of powerful tools to help financial organizations know earlier, respond faster, and improve continuously.
Fusion center software: breaking down the traditional, siloed approach to security
Critical events are increasingly severe – natural disasters, extreme weather, workplace violence, civil unrest, terrorism, cybercrime, and more. Some threaten the safety of people: employees, contractors, customers, and visitors. Some threaten physical assets: buildings and campuses, equipment, and inventory. Some threaten extended business operations: suppliers, partners, and logistics. Some threaten digital infrastructure: hardware, software, sensitive data, and intellectual property. Inevitably, many critical events put all of these things at risk.
Today’s divided approach to cyber security and physical security has put many companies in a disadvantaged position when it comes to preparing for and responding to events that threaten both physical and digital assets. Just as companies are taking on transformation initiatives to break down silos residing within data repositories, IT systems, business units, regional offices, and more, visionary business leaders are realizing that they need to take a unified approach to critical event management regardless of whether the event threat is physical, digital, or both.
Digital and physical security go hand-in-hand
Threat profiles are getting increasingly difficult to categorize. Many physical threats like extreme weather and natural disasters can be equally catastrophic for physical assets and digital systems alike. Many cyber threats like phishing and ransomware attacks compromise digital networks which, in turn, may lead to cyber attackers controlling the company’s physical systems.
Every critical event is unique. However, one maxim applies across the board: The more time passes without a swift, decisive and orderly response, the greater the impact on your people, assets, and business operations, and the fewer options you may have for responding. Forward-looking, resilient companies are now integrating cyber and physical security to facilitate a decisive, orderly, and rapid response to critical events.
How does merging cyber and physical security improve efficiency?
When a critical event occurs, regardless of the cause or the potential impacts, companies have a duty of care to keep their people safe and the organization secure, both from a physical plant and a digital infrastructure perspective. Security personnel must be able to respond to all critical events according to a consistent set of operating procedures.
During a crisis, security personnel need to:
- Determine who or what may be affected
- Assess the relevance and relative magnitude of the threat
- Respond accordingly
- Communicate clearly
After the critical event has passed, security personnel need to:
- Analyze their actions
- Learn from their response so that they are even better prepared to respond to the next critical event
Full visibility of the threat and its impacts is imperative. Being able to integrate risk frameworks, business processes and crisis response enables teams to view both physical safety and digital security as clearly as possible. Integration and centralization allow for expedited management of incidents as they emerge and fuel continued operational resilience.
Taking a unified approach to digital and physical security pools valuable resources, centralizes data analysis, and accelerates response times, which may save lives, protect infrastructure, and preserve business continuity. By responding quickly to any type of threat with decisive, prescriptive action and instructions, enterprises can better protect their people and minimize damage to their facilities. This reduces company liability and minimizes the scope of disaster recovery efforts needed. Saving lives while saving money is a win-win for all.
Fusion center software: how to integrate digital and physical security
Security teams need to attend to three key concerns:
- People safety
- Physical safety
- Digital infrastructure protection
Companies on the vanguard of integrated security are building fusion centers to merge physical and digital security capabilities in order to enhance their overall security posture around these three primary concerns.
But what is a fusion center? According to StateTech Magazine, fusion centers, or cyber fusion centers, are centralized workspaces that “integrate multiple data sources into a single, cohesive picture, allowing users to assess a situation in real-time and make decisions quickly.” StateTech also says that fusion centers “bring together people and data to better coordinate responses to threats.”
While fusion centers initially gained a foothold in the public sector (according to the U.S. Department of Homeland Security, there is at least one cyber fusion center operating in each of the 50 U.S. states currently), private enterprises are recognizing the value of a centralized and unified approach to critical event management and are now investing in bringing their own fusion centers online.
Data is the key to integrated digital and physical security. Fusion centers centralize data feeds from as many different sources as your company can supply. These include HR and ERP systems, IoT devices, video surveillance, local scanners, contact tracing apps, visitor logs, and much more. By centralizing all data feeds in the fusion center, integrated security teams can quickly assess the critical event at hand, its potential impact, and act accordingly to maximize safety, minimize damage, and review the effectiveness of the response.
Everbridge: your partner for critical event management via intelligent automation
Regardless of whether an enterprise deploys a fusion center or maintains a more traditional approach to physical and digital security, a manual approach to crisis response is completely inadequate. Organizations need automated tools engineered to increase enterprise resilience. To capitalize on the disparate yet relevant data available to inform swift and decisive action against critical events, Everbridge can power a fusion center for business with its Critical Event Management (CEM) platform. CEM leverages intelligent automation and helps enterprises protect what matters most.
- Control Center: integrate and maintain control of your physical assets
- xMatters: automates incident management, ensuring service reliability for DevOps and Ops teams.
- Risk intelligence: deliver actionable information that helps reduce risk wherever your people live, work, or travel
- Everbridge 360: streamlines critical event management with a unified, comprehensive interface.
Everbridge CEM is the fusion center software for emergency preparedness and response that thousands of private sector companies and public sector organizations rely on to keep their people safe and their businesses running.
Everbridge helps organizations mitigate the risk and impact of cyber threats with over 20 years of expertise in critical event management. Our integrated software enhances prevention, aids early detection, and assists with rapid response, empowering IT leaders to safeguard their digital operations effectively.
You’ve done it. You’ve completed business continuity planning for your organization! Congratulations, that means you’ve put in a lot of work to ensure your business can withstand whatever comes your way. But even the best business continuity plans need to be tested. If you don’t run tests or exercises on your plans, you won’t be aware of any gaps or mistakes until it’s too late. Luckily, there are lots of ways to exercise your business continuity plans and make sure your organization is ready for any issue that may arise.
Types of business continuity exercises
Desktop walkthroughs and workshops
These types of exercises require the least amount of effort from your team, so this is a great starting point. During a desktop walkthrough or workshop, you’ll walk the team through a scenario and have them relate how they, according to their plan, will respond. They will have an opportunity to determine their involvement and notice any potential issues with the plan. This is a great familiarization process and providing your team with this overview can also help them understand the importance of having a business continuity plan for your organization.
Tabletop exercise
In this type of test, you’ll bring together your recovery teams (the core groups of people responsible for the recovery of your organization) and a facilitator, who will guide you through a scenario. Each member of the team will be responsible for explaining their recovery process and responsibilities, which familiarizes everyone with the full chain of events that need to happen during a recovery situation. It’s best to bring in a third-party facilitator so all members of the continuity program can participate and also to get an unbiased opinion of your plans and expert advice on any areas for improvement.
Functional exercise
Use this type of exercise to test your team’s ability to perform their duties in a simulated operational environment. Activities for this type of exercise are usually focused on a situation like failure of a critical business function or a specific hazard scenario. This type of exercise helps to test specific team members, procedures, or resources such as communications and notifications.
Full-scale exercise
This will be the closest to a real-life incident you can get. This type of exercise is costly and will take much longer, but it will ensure that each component is fully tested, as if the incident were actually occurring. In a full-scale exercise, it’s likely you will need to include more people and potentially let vendors or outside agencies know what you are doing, if they are places your business relies on to function.
If your organization is new to business continuity planning, it’s best not to start with a full-scale exercise and instead look into running a walkthrough or tabletop exercise. Giving your team an overview of your plans and processes will allow them to feel more secure and will make sure they know that your business is ready for whatever comes. Once you’ve tested in these low-impact ways, consider running a functional or full-scale exercise. These higher-impact tests will take longer and require a lot more effort from you and your team so make sure you take the time to prepare accordingly. If your organization uses business continuity management software, you’ll be able to easily run exercises through your application and see real-time data on the results.
Measuring the success of an exercise
When your exercise is complete, always hold a debriefing session as close to the timing of the exercise as possible, so everyone’s feedback is fresh in their minds. Designate one person to take notes so nothing is lost, and if you are working with a facilitator, let them lead the team through a feedback session. Anonymous surveys are a great way to solicit feedback without putting anyone on the spot and can sometimes provide you with more honest feedback. Once you’ve gathered all the suggestions, go through your plan again, making changes where they are needed.