In an era of constant change and upheaval, would any organization dare to carry on without a business continuity plan (BCP)?
Well, apparently, yes. In a 2020 survey by Mercer, more than 27 percent of respondents admitted to having no BCP in place. And nearly 24 percent said they’re still working on it. That means more than 50 percent of those companies have no clear idea of how they’ll keep operating in the event of a disaster, and no list of things to do if there’s a hurricane, a fire or another pandemic. In other words, they’ll have to make it up as they go along.
That’s obviously not an ideal state of affairs. But the absence of cybersecurity planning makes the lack of a BCP even more dangerous. The ever-increasing sophistication of the world’s cybercriminals means that the risk of having no cybersecurity plan grows more serious with each passing year. To understand why, it’s helpful to review the history of corporate risk management.
Before the mid-twentieth century, risks to business could be covered by insurance against fire, flood and theft, with maybe a fireproof safe added to protect a company’s most important documents. The list of possible calamities was short, and it was unlikely that any one disaster could wipe out a business.
And then came the information age. In the early years of business computing, systems were typically built around a single vendor, such as IBM. The responsibility for safeguarding and recovering data was written into service contracts, and in any case, the vulnerability of a stand-alone, unconnected computer remained low. But as businesses in the 1980s grew more reliant on multi-vendor computing, it became clear that disaster recovery was more than a technical task. It was, in fact, crucial to the continued functioning of the organization.
For decades, the focus remained on disaster recovery. The emerging field of business continuity had yet to make its case. But on 9/11, its importance became obvious. Some of the companies in the World Trade Center had all their physical assets located in the towers, leaving their surviving personnel unable to resume operations. In response, the U.S. government soon established new guidelines around business continuity planning for companies playing a critical role in the nation’s economy.
Unfortunately, those new regulations couldn’t have anticipated the even greater threat of modern cybercrime. To understand the potential of a cyberattack to bring an enterprise to its knees, you don’t have to look beyond the Colonial Pipeline attack from this past May. Equipped only with Ransomware as a Service, a criminal gang managed to shut down the delivery of gasoline and jet fuel to America’s East Coast for six days. A subsequent investigation revealed that the hackers gained access to Colonial’s entire network through a single password stolen from a legacy VPN that lacked multifactor authentication.
All by itself, the Colonial shutdown should make one fact abundantly clear: If your BCP proposes merely a response to a cyberattack, you’re already too late, and your enterprise will be stopped dead in its tracks. In a world where ransomware can be rented, your BCP must anticipate cyberattacks in ways that will prevent them altogether.
Tehama can help. We understand and solve the problems presented by human carelessness and legacy technology. Tehama’s all-in-one Desktop as a Service (DaaS) provides zero-trust remote access to your corporate networks. Our enterprise-ready virtual desktops give you built-in security, scalability, compliance and workflows. Along with complete control of your security, you’ll have the ability to add or remove thousands of cloud desktops instantly. Tehama is fully automated and infrastructure-free. Plus, our plans are flexible and pay-as-you-go, with no contracts or hidden charges to complicate your decision.
When formulating a BCP, cybersecurity should be the first thing on your mind. With Tehama, it will be the last thing you have to worry about.
We invite you to book a free demonstration of Tehama.