Introduction
Ever since the COVID19 pandemic reached its peak last spring, many CISOs have been left scrambling to deal with the new normal of a 99% Remote Workforce. One of the lessons learned is the dire need for Incident Response (IR) and Business Continuity (BC) plans. But there is still confusion between the two, and we lay out the differences in this article.
What Are Incident Response & Business Continuity?
What Is an Incident Response Plan?
Technically speaking, an Incident Response Plan can be defined as follows:
“It is a set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.” (Source: Cisco)
Put in simpler terms, Incident Response means that you are reacting, in a very proactive way, to any security impacts that are affecting your business. Typically, many people think of this as a Cyberattack, which is most often the case. But these could also involve natural disasters. IR Planning means that you are acting on a specific threat vector at one certain point in time.
As it relates to the situation that we have now, a good IR Plan will dictate how you should mobilize your resources in a quick and efficient manner so that your remote workforce can be deployed in just a matter of a few hours versus the total number of days that it took this time.
Although this will be examined in much further detail in the next section, a good IR Plan will typically consist of the following, broad components:
- How it supports the goals and objectives of your overall Security Policy;
- What your approach to Incident Response will be;
- The various activities that are needed in order to effectively mitigate the threat variant at hand;
- Who the members of the Incident Response team will be, and what their specific roles are in a crisis situation;
- The communication process that will take place;
- The metrics that will be included in order to gauge the true effectiveness of your IR Plan.
It should be noted that bullet point #5 is probably one of the most important.
For example, you may have a great IR Plan on paper, but if the lines of communication actually break down in the event of a real-time security breach, then this will all come to naught.
Even before COVID19 hit, CIOs and CISOs were ill-prepared for this kind of planning. For example, in a recent study that was conducted by the Ponemon Institute, the following was discovered:
- 77% of the respondents claimed that they do not even have an Incident Response Plan in place;
- Only 32% had any faith that their particular IR Plan would even work;
- 57% of the respondents claimed that the total time it takes to actually respond to mitigate a security breach is lengthening to unfathomable levels.
Thus, as CIO or CISO, you need to fully understand how Incident Response correlates with limiting further damage, and it is as simple as this: a timely Incident Response greatly reduces the time that a Cyberattacker can reside within your IT and Network Infrastructure and cause more damage. And of course, a timely response will only come from a rock-solid IR Plan.
What Is a Business Continuity Plan?
Once again in technical terms, a Business Continuity Plan can be defined as follows:
“It is a document that outlines how a business will continue operating during an unplanned disruption in service. It’s more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.” (Source: IBM)
In other words, after you contain the threat variant with the IR Plan, the next step is determining how you will proceed to resume normal business operations ASAP. The primary difference here with the Business Continuity (BC) Plan versus the Incident Response Plan is that the former will take a much longer time frame to achieve, depending upon the severity of the security breach that took place.
As a CIO or CISO, it is also very important to keep in mind that the Business Continuity approach will be more of a phased-in type.
For example, your first priority is to get the mission-critical applications up and running. These will typically be the applications that serve both your employees and customers. From that point, you then need to gradually, in steps, work back up to what you deem “normal business operations” to be.
So as in the case of COVID19, the IR Plan will help you to mobilize your remote workforce quickly, and the BC Plan will then help you to keep your employees working from home (WFH) in a safe and productive manner for the long haul, if need be.
Being the CIO or CISO, you need to fully understand just how much impact any business downtime can have without the right BC Plan in place. Consider these statistics:
- An infrastructure failure can cost a typical business at least $100,000 per hour;
- A critical application failure can cost in the upwards range of $500,000 to $1,000,000 per hour.
Conclusions
Now that the differences between the IR and BC plans have been reviewed, the next step is in actually crafting these document sets. This can be a daunting task for any company. There are many templates available on the Internet that you can use to create them, but it is highly cautioned that you do not take this kind of cookie cutter approach.
Rather, they need to be tailored to the specific security needs and requirements of your business. In future articles, we will examine and detail some of the major components that need to go into both of these plans.
Frequently Asked Questions (FAQs) about Incident Response (IR) and Business Continuity (BC) Plans
IR plans focus on detecting, responding to, and recovering from security incidents such as cyberattacks or service outages, while BC plans outline how a business will continue operating during disruptions in service, considering various aspects like processes, assets, and human resources.
An IR Plan provides instructions for IT staff to detect, respond to, and recover from security incidents. It includes components like aligning with security policies, defining response approaches, outlining activities for mitigation, identifying response team members and roles, establishing communication processes, and defining metrics for effectiveness.
IR planning is crucial for organizations to respond promptly and effectively to security incidents, minimizing damage and downtime. Without a solid IR plan, organizations risk prolonged disruptions, increased damage, and loss of trust from stakeholders.
Challenges in IR planning include lack of awareness about cyber threats, insufficient resources for planning and implementation, breakdowns in communication during incidents, and skepticism about the effectiveness of existing plans.
A BC Plan outlines how a business will continue operating during unplanned disruptions in service. It encompasses contingencies for business processes, assets, human resources, and business partners, aiming to resume normal operations as quickly as possible after an incident.
While an IR plan focuses on immediate response and recovery from security incidents, a BC plan addresses the broader aspects of resuming business operations during disruptions, considering phased approaches and prioritizing critical applications and processes.
BC planning helps organizations minimize downtime, mitigate financial losses, maintain customer satisfaction, and uphold their reputation in the face of disruptions. It enables businesses to recover swiftly from incidents and resume operations with minimal impact.
Challenges in BC planning include accurately assessing risks and impacts, prioritizing critical processes and resources, ensuring effective communication and coordination during recovery efforts, and securing necessary resources for implementation.
Organizations can craft effective IR and BC plans by understanding their specific security needs and requirements, aligning plans with organizational goals and objectives, conducting risk assessments, involving relevant stakeholders in planning and implementation, and regularly testing and updating the plans based on evolving threats and business needs.
Organizations can seek assistance from cybersecurity experts, consultants, or specialized firms experienced in developing and implementing IR and BC plans. Additionally, there are templates and guidelines available online, but it’s crucial to tailor plans to the organization’s unique needs and environment.