Improve Prevention and Response by Integrating BCM and Security
While concerns over mobile devices have topped corporate security priority lists, devices aren’t the only point of vulnerability. Cell towers and other sensitive infrastructure are also susceptible to attack. Fortunately, new prevention and response methods can counter these debilitating threats.
According to research by Zimperium, three serious flaws open the door for cybercriminals to crash, hijack and steal data from cell towers. That means an attack affecting an entire network of mobile devices is a real and looming threat. Considering that cell towers are often shared among multiple carriers, such attacks could affect more than one massive network. As scary as this scenario is, it’s only one of many infrastructure threats that companies face today.
It’s challenging for traditional security models to keep up with the increasing sophistication and speed of today’s attacks. Savvy organizations are updating their prevention and response models to better mitigate risks.
A Tale of Two Teams
Traditionally, business continuity management (BCM) is the responsibility of one team, and incident response belongs to another. The two teams rarely — if ever — coordinate their efforts. This model leaves a wide gap in security operations that can slow even the best of plans.
Closing the gap between BCM and incident response not only allows organizations to respond more quickly and effectively but actually reduces the likelihood of a data breach. According to a recent study by Ponemon, companies that involve BCM in their security operations have a 21.1 percent likelihood of a data breach, versus 27.8 percent for companies in which security and BCM aren’t integrated.
While preventing a data breach is the best outcome, reducing the impact of a breach is also key. The Ponemon study found that 55 percent of organizations that involve BCM with security experienced material disruption caused by a data breach, compared to 75 percent of companies where BCM and incident response are separate.
The study also found that among companies where BCM is part of security operations, breach detection times fell from 234 to 178 days, and mean time to breach containment was 55 days instead of 83. Incorporating BCM into security reduces the costs associated with a data breach by 15 percent.
Five Steps to Better Prevention and Response
The first step in integrating BCM and incident response teams is to ensure the BCM program is up to par. Too often, companies fail to upgrade to more robust and sophisticated programs and leave vulnerabilities in their planning. According to an IBM white paper, a quality BCM program crosses seven operational sectors: business strategy and vision; organizations and people; processes; applications; data; IT infrastructure; and facilities.
The second step is to build interdisciplinary teams in both business continuity and security. This means adding security pros to BCM teams and BCM pros to security teams. To further seal this gap, consider hiring a chief information security officer (CISO) if you don’t already have one in place.
The third step is to require these interdisciplinary teams to work together in disaster recovery testing. Only by working and regularly testing as a team will it be possible to align and streamline processes and procedures. Disaster simulations and preparedness exercises can help your security team understand which BCM processes will be useful in responding to a breach.
The fourth step is to appoint crisis management team leaders — one from the security team and the other from the BCM team. These two will communicate with each other and coordinate their teams’ efforts during a crisis.
The final step is to identify specific needs and allocate the budget dollars necessary to address them.
Employing these strategies will help you create a more secure business environment that’s better able to prevent and respond to data breaches.