Cyberattacks are a business problem. For that reason, Business Continuity Managers need to be a part of the solution, if only because responding to attacks is highly disruptive to an organization.
This above all is a task for Business Continuity, which needs to stress the importance of limiting downtime as an equal measure of effectiveness with restricting data loss. Business Continuity Managers need not be deep technical experts to play a part.
Make plans to join Continuity Insights for Cyber-Resilience: What Business Continuity Managers Can and Must Do, a new webinar that will address the practical decisions that need to be made by the Business Continuity team when dealing with cyberattacks.
The webinar is scheduled for Wednesday, May 26, 2020, at 2:00 p.m. ET. We’ll be joined by Steven Ross, Executive Principal of Risk Masters Inc., who will present a Business Continuity perspective. [Register]
Yes, IT is responsible for implementing countermeasures, but they are not the ones to specify business priorities for continuing operations. Once again, that’s the responsibility of Business Continuity.
Amongst the most important of the aforementioned practical decisions are calculating the total cost of downtime and determining sustainable downtime, which is NOT the same thing as RTO. RTO is the measure of the desired time for restoration, which may not be the same as what is possible.
Thus, Business Continuity needs to work with IT operations to understand the realistic time needed to recover from an attack. Business Continuity should advise management on directing investments towards reduction in the meantime to contain and repair and include these measures in Business Continuity testing.
Register for Cyber-Resilience: What Business Continuity Managers Can and Must Do here.