Confidentiality, Integrity, and Availability: these are the three primary components of Cybersecurity. Today’s article focuses on the Availability pillar. Aside from traditional systems and business disruptions, COVID-19 brought the concept of being resilient as an organization to a new level. Organizations that didn’t have documented incident response and business continuity plans found themselves flat-footed and unable to provide availability to their key stakeholders. According to organizations such as Gartner, the average cost of IT downtime is $5,600 per minute. In fact, it can average $300,000 an hour for large organizations.
Defining the Pillar of Availability
At a high level, availability essentially means that authorized users should be able to access data and services whenever they need to do so. Although this seems trivial on the surface, it is critical when discussing the business implications. Nowadays, business users and consumers expect systems and services to be available, on-demand, and with minimal to no downtime. When you have a customer-facing service or revenue-generating website, an impact on availability could be devastating from both a financial and customer trust perspective. If you fail to provide that availability, consumers will quickly find an alternative, possibly for good.
Downtime can impact your organization in a few ways. It can result in losses in productivity, revenue, and data. Additionally, it can have a brand impact. If you have service level agreements in place, there can even be legal implications.
Understanding Incident Response & Business Continuity
The concepts of Incident Response and Business Continuity are within the domain of availability. From both a system and an organizational perspective, these activities and practices are key to maintaining availability. In the context of cybersecurity, NIST defines Incident Response as a “structured process used by organizations to detect and respond to cybersecurity incidents.” It is essentially having a plan and process in place to respond to incidents as they occur. It has a goal of avoiding or at least mitigating disruption to operations. Also, the concept of Business Continuity is closely related. This is the organization’s ability to continue to operate during an unplanned disruption in service.
The Approach of Implementation
It is one thing to know that incident response and business continuity are key to maintaining availability. However, it is essential to follow through with actually implementing these practices, processes, and capabilities. The process of implementation is certainly different than simply knowing that these concepts are key.
Many organizations find themselves asking where to start. One great thing to start with is NIST’s widely utilized “Computer Security Incident Handling Guide.” This helps lay out fundamentals. These fundamentals include understanding what incidents are, what incident response and business continuity are, and how to approach them.
Playbook Practices
Part of the approach should include things such as Business Continuity Plans and Incident Response Playbooks. These artifacts help guide your organizational stakeholders when incidents and disruptions occur. This could include key organizational points of contact, external stakeholders, contact trees, response steps and activities to perform, and more. Another great resource is industry leader SANS’s Incident Handler’s Handbook. This guidance helps IT professionals plan and prepare for the unexpected.
As many start working to implement incident response practices, one key activity is establishing playbooks. These are standard IR and industry best practices along with organizational-specific information. Organizations can apply the information and practices during incidents to mitigate the impact. For example, a great starting point is the Incident Response Consortium’s Playbooks Gallery. It includes several playbooks for common cybersecurity incidents such as malware, phishing, unauthorized access, and more.
One last thing worth emphasizing is how incident response and business continuity are much like a muscle. If you don’t exercise, it atrophies. You need to use these playbooks and plans and execute tabletop exercises. These are essentially dry runs of your incident response and business continuity plans. You don’t want the first time you use these Incident Response Plans (IRP) and Business Continuity Plans (BCP) to be when there is a real-world incident. Exercise helps keep things fresh, identify gaps, and lead to iterative improvement to ensure the plans are effective when needed.
Final Thoughts
In today’s digitally connected and driven environment, don’t let business disruption and system incidents compromise your organization’s ability to deliver value to those who rely on it. To do this, focus on implementing incident response and business continuity capabilities that are well oiled and exercised. If you solidify incident response and business continuity plans, your organization will be well equipped to respond accordingly when needed. Failing to prepare could have financial and reputational consequences, some of which your organization may never recover from.