If your business continuity plan doesn’t include cybersecurity, we need to talk

Chuck Thibert

Chuck Thibert

Jul 29, 2021


4 min read time

If your business continuity plan doesn’t include cybersecurity, we need to talk

In an era of constant change and upheaval, would any organization dare to carry on without a business continuity plan (BCP)?

Well, apparently, yes. In a 2020 survey by Mercer, more than 27 percent of respondents admitted to having no BCP in place. And nearly 24 percent said they’re still working on it. That means more than 50 percent of those companies have no clear idea of how they’ll keep operating in the event of a disaster, and no list of things to do if there’s a hurricane, a fire or another pandemic. In other words, they’ll have to make it up as they go along.

That’s obviously not an ideal state of affairs. But the absence of cybersecurity planning makes the lack of a BCP even more dangerous. The ever-increasing sophistication of the world’s cybercriminals means that the risk of having no cybersecurity plan grows more serious with each passing year. To understand why, it’s helpful to review the history of corporate risk management.

Before the mid-twentieth century, risks to business could be covered by insurance against fire, flood and theft, with maybe a fireproof safe added to protect a company’s most important documents. The list of possible calamities was short, and it was unlikely that any one disaster could wipe out a business.

And then came the information age. In the early years of business computing, systems were typically built around a single vendor, such as IBM. The responsibility for safeguarding and recovering data was written into service contracts, and in any case, the vulnerability of a stand-alone, unconnected computer remained low. But as businesses in the 1980s grew more reliant on multi-vendor computing, it became clear that disaster recovery was more than a technical task. It was, in fact, crucial to the continued functioning of the organization.

For decades, the focus remained on disaster recovery. The emerging field of business continuity had yet to make its case. But on 9/11, its importance became obvious. Some of the companies in the World Trade Center had all their physical assets located in the towers, leaving their surviving personnel unable to resume operations. In response, the U.S. government soon established new guidelines around business continuity planning for companies playing a critical role in the nation’s economy.

Unfortunately, those new regulations couldn’t have anticipated the even greater threat of modern cybercrime. To understand the potential of a cyberattack to bring an enterprise to its knees, you don’t have to look beyond the Colonial Pipeline attack from this past May. Equipped only with Ransomware as a Service, a criminal gang managed to shut down the delivery of gasoline and jet fuel to America’s East Coast for six days. A subsequent investigation revealed that the hackers gained access to Colonial’s entire network through a single password stolen from a legacy VPN that lacked multifactor authentication.

All by itself, the Colonial shutdown should make one fact abundantly clear: If your BCP proposes merely a response to a cyberattack, you’re already too late, and your enterprise will be stopped dead in its tracks. In a world where ransomware can be rented, your BCP must anticipate cyberattacks in ways that will prevent them altogether.

Tehama can help. We understand and solve the problems presented by human carelessness and legacy technology. Tehama’s all-in-one Desktop as a Service (DaaS) provides zero-trust remote access to your corporate networks. Our enterprise-ready virtual desktops give you built-in security, scalability, compliance and workflows. Along with complete control of your security, you’ll have the ability to add or remove thousands of cloud desktops instantly. Tehama is fully automated and infrastructure-free. Plus, our plans are flexible and pay-as-you-go, with no contracts or hidden charges to complicate your decision.

When formulating a BCP, cybersecurity should be the first thing on your mind. With Tehama, it will be the last thing you have to worry about.

We invite you to book a free demonstration of Tehama here.

Shape line

Read More

Overcoming the challenges of securing & scaling today’s hybrid workforces

Overcoming the challenges of securing & scaling today’s hybrid workforces

With cybersecurity incidents on the rise, CISOs have a lot keeping them up at night these days. Not only does their job description usually call for long hours to ensure the timely, efficient delivery of secure applications and data to stakeholders, the ongoing pressure of an evolving threat landscape can lead to near-constant stress, and even the fear of getting fired according to a recent survey, which can impact both their mental and physical health. Additionally, there are other outside factors compounding the situation including the complexity associated with juggling the increasing number of endpoint device types (i.e. smartphones, tablets,…
The costs and likelihood of cyber attacks are rising quickly. Here’s what to do about it

The costs and likelihood of cyber attacks are rising quickly. Here’s what to do about it

When cybersecurity firm Mimecast discovered in early 2021 that its systems were compromised, it wasn’t because hackers targeted the company itself. Rather, one of its suppliers had been. And not just by any hackers, either. The culprit in this case, according to experts? The APT29 entity, a group often associated with Russia’s Foreign Intelligence Service (SVR). That’s just one example of the increasingly complex array of existential threats faced by modern organizations – and the threat landscape is only getting worse. Not only do the costs of a cyber attack or data breach rise practically by the day, but so…
Subscribe Here!

Get Tehama insights sent straight to your inbox!