Why Is Cyber Security a Hot Topic in Business Continuity?

Rachelle Loyear
Enterprise Director of Business Continuity Management
Time Warner Cable

October 2015

So you’ve put all of your protections, walls, rules and scanners in place. Whew! But then…a zero-day exploit finds you anyway and your company gets hacked. Attackers get into your network, disrupt your services, compromise your customer PII or publicize internal emails. Now what?

Sony was hacked and went from being a highly respected company to a subject of media ridicule for their handling of a cyber-attack. Target was hacked, suffered a massive hit to customer confidence that could have long-term impact and lost millions in sales. In both cases, executives lost their jobs for the way they handled the crisis.

That’s where Business Continuity Management (BCM) comes into play. You’ve likely heard the terms “crisis management,” “disaster recovery,” and “business continuity plan.” That’s good, because those are the plans that will help you get back up and running. They all work to respond to a crisis and are all vital to your business’s ability to weather a storm, whether it’s a cyber-storm, network interruption or a real hurricane.

What Are the Major Things You Need To Consider for Cyber BCM?

Step 1 for a Crisis Event: Immediate and Appropriate Response

  • Crisis management is a plan to handle the event. It’s one of the most important parts of business continuity management. How are you communicating internally to make sure recovery is happening? Who is talking to the public, the media, your customers—and what are they saying? Companies that get in front of the crisis, admit it’s going on and keep customers informed have a much better chance at retaining those customers than companies that try to hide an event. The cover-up always makes it worse.

  • At a minimum, your crisis management plan for cyber events should include:

    • A crisis team with executive decision-making representatives and communications/media members, with defined roles for each team member
    • A technical response team
    • A defined restoral process with key vendors and network service partners
    • Clear reporting methods for a cyber event
    • Escalation timelines and trigger points

Step 2 for a Crisis Event: Restoring Services and Confidence

  • Disaster recovery generally refers to technical plans in place to bring your network and systems back online after a crisis. Your plan should include:
    • Documentation on how to restore mission critical network and cloud based IP apps, data and systems
    • Failover, network diversity and back-up protection
    • Vendors on call to expedite network service, system restoration and hardware replacement
    • Teams of employees ready to respond as needed

  • Business continuity is your plan for getting back to normal. How are you going to catch up on work? How are you going to process missed orders? How will you get lost information such as big data, customer records etc. replaced and build back customer goodwill?

The details of building out all of these plans and programs are more than can be covered in one blog post, but all of them should be part of your overall business risk management program.

Rachelle Loyear leads business continuity planning, testing, training and logistics for Time Warner Cable. With eight years of experience in security, business continuity planning and crisis management, Rachelle is a certified MBCP though DRI and PMP through PMI, and an Associate Fellow of the Business Continuity Institute.