(Updated from November, 19th 2021)
When it comes to running your business, you know that you need to be prepared. Just like we all know what to do in the event of a fire because we practice our escape plan, your business needs to plan and prepare for a cyber attack.
Breach readiness is knowing how your business will respond in the event of a cyber attack. While we all hope we don’t suffer a cyber attack, being prepared for the worst can help you recover quickly and lessen some of the devastating effects. Part of the preparation is to prioritize your key business processes.
Prioritizing which business processes are most important is key to recovering quickly. For instance, the business needs to know what will happen if the finance department is hit by ransomware before completing the quarterly close. If ransomware impacts the customer service team in a way that impacts their ability to field customer inquiries, will this devastate your business? These are questions that need to be addressed, and business processes like these need to be ranked in order of most important to least important.
This ranking of the business processes will help determine what vulnerabilities are addressed first by the organization. It will also determine what business processes need to be put back online first in the event of a cyber attack.
Once you have ranked the processes, you can use these rankings to develop your patch management strategy. With the number of vulnerabilities out there, it is impossible to patch everything immediately. This is where ranking your business priorities come into play. Prioritizing patching systems based on business outcomes enables security teams to address vulnerabilities in a business context. Together with their business leaders, security teams should decide which outcomes and processes need to be protected, and therefore patched first.
This ranking of priorities also works well when it comes to testing your backup restoration process. If your business is like most businesses, you don’t think about restoring from your backups until you need to. Unfortunately, finding out after a ransomware attack has occurred that you can’t restore your data from the backups is not good. While it can be time-consuming and expensive to test restoring all your company data, prioritize which systems need to be restored first, and prioritize testing the restore capabilities of your most mission-critical data.
Preparing for a cyber attack before it happens is key to recovering quickly with little business impact. Knowing which business processes take priority when it comes to patching vulnerabilities and restoring from backups is part of that. If you need assistance ranking your key business priorities, contact Quick Intelligence for all your cyber security needs.