When a data breach occurs, and the extent of data loss is known, the next question every one asks – customers, stakeholders, and regulators alike – is what did the organization do to prepare for the attack? Traditional Disaster Recovery (DR) and Business Continuity (BC) planning is no longer sufficient to weather the inevitable cyberattack.
Last year saw an increase in data breaches for the healthcare and retail sectors. And, costs are on the rise: Ponemon’s 2014 Cost of a Data Breach Study: United States estimates the average cost of a data breach to be up about 10 percent from the previous year to roughly $5.9 million, with a cost per record of $201. In fact, the study identifies two strategies for bringing these costs down: business continuity management can reduce the per-record average by $13, while having a formal incident response plan brings the per-record average down by $17.
Most DR plans are focused on recovering IT resources and infrastructure through redundancy, while breach management is centered on shoring up gateways. Mirrored networks, remote backup and replication all represent potential breach risks. Unlike natural disasters, breaches can target several geographically dispersed sites at once, requiring a DR plan that accommodates simultaneous outages. A DR plan will not normally cover the aftermath of a cyber attack, though, such as how to handle the leak of data or information to the public.
The backbone of a robust BC plan is a Business Impact Analysis (BIA) that accounts for internal and external interdependencies. With crucial executive support, the BC plan is centered dually on protecting employee health and safety and continued, company-wide revenue generation; both require pre-incident planning that recognizes the interconnectedness of business units, as well as IT and personnel networks. Since a BCP focuses on the business side of a disaster, and not as much on the technical side, though, a data breach requires a DR/BC plan specially attuned to recovering any destroyed data or systems.
The Cyber Incident Response Plan (CIRP)
The CIRP is a hybrid approach to DR/BC that represents an expansion of the umbrella that is the overall Business Continuity Program (BCP). The BCP combines technology recovery with continued operations, while the CIRP augments the BCP, bringing in cybersecurity personnel and third parties. An effective CIRP will provide for management of the following three factors:
- Forensics – internal and external IT personnel and software to discover how they got in and heal the breach
- Impacted regulatory compliance – regulatory, government, and legal teams to identify and remediate compliance gaps
- Breach notification – public relations teams, as well as identify theft and credit monitoring services and call centers
The key to a successful CIRP is a joint task force mentality in which diverse groups of people co-strategize to construct resilient infrastructures while planning for the inevitable cyberattack. Once the plan is drafted, though, maintenance and testing are essential and should be a defining factor of the BCP.
To learn more about Accudata’s BCP services, including Disaster Recovery and Business Continuity Planning, as well as developing a BIA or Incidence Response Plan, contact Brian DiPaolo, Advisory Services Practice Director, at firstname.lastname@example.org.
Brian DiPaolo | Advisory Services Practice Director
Darryl Vinson | Senior Consultant
Michael Lay | Senior Consultant