Organisations should test-drive business plans for continuity and cyber-resilience
Most organisations fail to appreciate the importance and benefits of testing when it comes to business continuity and cyber-resilience, according to disaster recovery solutions provider Continuity SA.
Rehearsals are critical, but testing is much more than that.
The often overlooked benefit of testing is that by feeding the results of each test back into the business continuity plan, the plan becomes better in every way.
Wayde Anderson, Continuity SA client service manager, says, “We live and breathe testing because we know that the only way to ensure that a business continuity plan actually works is to test it rigorously and frequently.
“A disaster is no time to find out that the plan has serious flaws.”
The same logic holds when it comes to cyber-resilience.
The Business Continuity Institute’s Cyber Resilience Report revealed that two-thirds of organisations had experienced at least one cybersecurity incident during the previous year, and 15% had experienced at least 10.
Organisations need to improve their ICT systems' ability to withstand any attack and to recover if their defences are breached.
The first order of business is to ensure that cyber security is integrated into the business continuity plan, and thus into the regular testing cycle.
Testing, and particularly crisis simulations and penetration testing, helps identify weaknesses and also helps to refine the business continuity plan.
Incident management, which naturally forms part of a test, also contributes to cyber-resilience because how an unexpected incident is managed is critical to limiting the damage it causes, both in the short and long terms.
In short, organisations testing their cybersecurity measures will initiate a virtuous cycle of improvement, acting as a training regime to keep their cybersecurity in peak condition, and thus building resilience to even the unexpected.
Crucially, it enables organisations to take a proactive stance against cybercriminals, to be prepared for whatever they do.