Your Cybersecurity and IT Disaster Recovery (DR) programs must be closely aligned. Consider the two following questions that get to the heart of the matter:
• If your systems get breached, what will you do?
• If your systems get wiped out, what will you do?
Seems every day we hear about Cyber attacks, whether they are in the form of Ransomware, DDoS, or many other disruptive approaches deployed by criminals today. A recent study by the Disaster Recovery Institute (DRI) International identified the top three resiliency issues for organizations to address globally: Cyber attacks, IT Interruptions, and Natural Disasters. According to research by IDC, “50 percent of healthcare organizations will have experienced 1 – 5 cyber attacks in the previous 12 months.”
Cyber attacks now are another risk category to be considered within your resiliency program along with acts of nature (hurricanes, floods, fires, earthquakes); terrorism; and human error. However, this particular risk category changes the recovery dynamic because you will likely have a different approach within your DR plan for recovering from a cyber attack.
"Cyber attacks are now an important risk category to address within your resiliency program along with acts of nature"
IT DR focuses on the worst case scenario which is the loss of your primary operating environment and critical systems. In this case, you must recover your most critical systems quickly and likely at an alternate location. Your less critical systems also require recovery plans and must be recovered; however, they can be addressed later in the overall recovery effort.
A DR mindset will help you think deeply about risk mitigation and how to structure your systems to survive anomalies such as cyber attacks. So, how resilient are your systems and what kind of recovery plans do you have in place? And, most importantly, do the recovery plans work?
Cybersecurity has become a major marketplace with a huge shortage of skilled workers globally. In 2016 Forbes reported 209,000 cybersecurity jobs unfilled in the U.S. This field demands a new breed of worker who possesses a varied skillset and is comfortable using the new tools and processes that have been developed. The tools take advantage of new monitoring techniques both real-time and historical, and can dive deep into pertinent infobases to derive inferences for taking action.
These tools look at your physical infrastructure, networks, and applications (both purchased applications and those developed in-house). They force us to pay closer attention to our applications and scan frequently for both coding vulnerabilities and configuration errors. This field requires that you have a good understanding of the fixed physical environment derived by the many devices that are permanent within your data centers, equipment racks, wiring closets, behind the walls, and above the ceilings of your building(s).
In addition, it is a plus to have a good understanding of the portable (remote) devices that connect to your enterprise via the internet or any other remote access modalities including the use of cloud providers. In addition, the Internet of Things (IoT) with particular emphasis on connected healthcare devices clearly warrant their own categorization and heightened level of security from my healthcare perspective.
Much of this knowledge about your IT infrastructure and systems is found within your IT DR team. I suggest they be closely linked if not part of your information security organization. They can bring a lot to the table when thinking about point-in-time recovery options to help address cyber attacks and approaches for recovering your systems. After all, they prepare for the worst case scenario.
IT DR focuses on recovering your systems to meet their stated RTO and RPO by deploying various technology solutions. When cyber attack is added to the risk equation, it will impact your system design to achieve the added level of resiliency.
Today’s cyber criminals are forcing CIOs to “react” and think differently about the viability of their systems. Not only must their systems be quickly recoverable to meet the needs of the organization, they must also be bullet proof. I believe this is yet another driver of change, and an important quality to seek in the type of leaders that organizations need today.
On a national scale, from 2013-2015, the Director of National Intelligence named the cyberthreat as the number one strategic threat to the United States. We must be vigilant.
In closing, I recently have been reading about Blockchain technology conventions for use in healthcare to secure information, and protect patient and provider identity. It is great to see that experts are working on this and I am optimistic that new markets will emerge to reward those investors who pick up on it. Needless to mention it will help me feel better as I age into the connected healthcare world.