Does Your Disaster Recovery Plan Account for a Cyber Attack?

Cyber vulnerabilities are increasing daily and have pushed companies, large and small, into planning for these new occurrences. Now is the time to include cyberattacks into the Business Recovery and Disaster Recovery Plans of the organization.

What connection points can be hacked?

• Incoming public and private network connections including routers, switches and firewalls can be infiltrated
• Equipment that supports the IT environment like servers, storage and printers
• Operation programming components that make the IT equipment work including operating systems, subsystems and applications
• Even the phone and process control systems that support the facility equipment and machinery

What should be part of the plan?

• Identify the threat: This can be a daunting task, since it may not be obvious that the operational impact or the physical damage was caused by a cyberattack. If the attack was for ransom purposes, it will most likely be communicated. However, if it was for retribution or publicity, there may be no communication at all.
• React to the attack: The person identifying the problem needs to know who to contact and what immediate actions should be performed. The first actions taken could stop the damage or make it much worse.
• Stabilize the Operation: The full extent of the damage needs to be assessed and the plan needs to be executed to:
  • Stop the failing equipment or process
  • Isolate the problem areas
  • Decide what parts of the business can continue
  • Develop alternate work schedules
  • Make arrangements for support groups and
    forensic services
• Mitigate the damages: See what can be reclaimed and determine if the operation can run in degraded mode, manual mode, or at the disaster site
• Recover the operation: The recovery effort will be directly proportionate to the amount of damage that was incurred. This includes both physical damage to equipment and the impact on the business in terms of lost revenue, damaged goods, perishable goods, penalties, and fines
• Prevent reoccurrence: The Disaster Preparedness Plan needs to be updated with processes and procedures to prevent a similar occurrence from happening again

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. Responding in a comprehensive manner, however, will reduce risks to your business and send a positive signal to your customers and employees. Businesses should have a cyber incident response plan ready to go prior to a breach. In it, companies should embrace savvy practices such as disconnecting any affected computers from the network, notifying your IT staff or the proper third-party vendors, and utilizing any spares and backup devices while continuing to capture operational data.