Halloween is here – time for kids to go trick-or-treating, for teens to visit haunted houses, and for Americans to spend nearly $7 billion on costumes, candy and decorations. Halloween is a big business, second only to the Christmas holidays. And while it seems like it's all fun and games, there's something even scarier than the latest burnt zombie or evil clown costume: cybercrime. That's why it's no coincidence that October is National Cyber Security Awareness Month.
A recent survey1 found that by 2020, 100% of large enterprises will be asked to report to their boards of directors on cybersecurity and technology risk at least annually, which is an increase from today's 40%. The same survey found that 30% of organisations targeted by major cyberattacks2 will spend more than two months cleansing backup systems and data, resulting in delayed recoveries
Sadly, organisations rarely know that their IT environments have been breached until it is too late. Witness the Democratic National Committee (DNC), which had been hacked almost a year before the DNC discovered it had been compromised. A successful cyberattack can shut down operations – not just for a few hours, but for multiple days and weeks. The collateral damage, such as information leaks, reputational damage and so on, can continue for much longer. And while 34% of organisations think they will be affected by a cybercrime during the next two years, only 37% of organisations have a cyber-incident response plan.
That's why CIOs are scratching their heads for a way to counter cyber spooks. I recently spoke about four best practices for BCM leaders at the Continuity Insights conference in New York City. Here's what I told the audience:
1. Replace Legacy BCM Solutions
In today's cyber-sensitive world, Microsoft SharePoint and Office no longer cut it. The days of plans as static documents and Business Impact Analysis as spreadsheets is over. Based on the Gartner 2015 Security and Risk Management Survey2, only 46% of surveyed organisations own Business Continuity Management Planning software, 52% own crisis or incident management software. That's cutting it too close. Organisations need to find newer business continuity management solutions and get rid of older systems that are too prone to hacking.