By Brenda Story, Missouri Enterprise, Director of Information Technology
We hear so much about protecting our data and technology from cyberattack, that we tend to forget that even the best defenses could still be broken. Cyberthieves and hackers are aggressively staying just ahead of the curve, continuously thwarting even some of the very best protections. The effects of a cyberattack can range from something so simple as “a little down time”, to utter devastation that cripples an operation’s ability to function, destroying the foundation of a company’s systems.
If your company becomes the victim of a serious cyberattack, the fix won’t be as simple as just booting your systems; you might have to rebuild everything, and you’ll need to get it done ASAP so you can get production up and running right away. So you better be prepared with proper backups, redundancies and more to ensure you can quickly restore your systems to full operational efficiency.
Sure, many manufacturers (it should be ALL!) have seen the light and developed cybersecurity strategies to protect their company’s vital records and secrets and protect their operational capabilities, but far too many are still living in the dark ages and aren’t doing enough to protect their technology and information!
Still fewer are admitting that even their best defensive efforts might not be enough, and they’re not planning for the worst. The best organizations have a detailed recovery plan in place so they can get things back to normal quickly in the event of an attack, even if that attack destroys all their system information.
The National Institute of Standards and Technology (NIST) recognizes that, as the number of cybersecurity incidents increases, manufacturers need to do more to protect themselves, and even more importantly, they need to plan how they will recover if they are hit, especially if they are hit hard.
“It’s no longer IF you are going to have a cybersecurity event, it is WHEN,” says computer scientist Murugiah Souppaya, one of the authors of NIST’s Guide for Cybersecurity Event Recovery. (https://doi.org/10.6028/NIST.SP.800-184)
I encourage all our Missouri manufacturers to pop online and download this helpful guide to planning how to get your company up and running again in the event of a cyberattack. It covers everything in great detail and includes a checklist for critical issues you need to address, such as: Pre-Conditions Required for Effective Recovery; the Tactical Recovery Phase; Execution; Termination; The Strategic Recovery Phase; Metrics; Recovery Plan Improvement.
Remember, if you fail to plan for recovery from a serious cyberattack, you plan to fail to recover fully and quickly. The consequences and costs of not having an effective cyberattack recovery plan could be anything from a few days or hours of lost production, to months of crippled operations, to total collapse of the organization.
Yes, it’s that serious, so you need to maximize your cybersecurity efforts, and you need to plan how you will recover quickly if you are downed by a cyberattack.