What is it?
A plan that allows an organization to remain operational at acceptable, predefined levels of operation despite disruptions resulting from human, technical, or natural causes.
Why is it important?
With more and more companies becoming heavily reliant on data to drive decisions, any loss of that data -- even short-term -- can bring business to a halt and have dire effects on the bottom line.
Why does a business professional need to know this?
While cybersecurity plays an important role in keeping a business safe and operational, it is only part of the solution. Attacks now use advanced technology, big data, artificial intelligence, and analytics in ways that rival some of the most innovative and sophisticated methods being used by legitimate businesses around the world. New strains of malware that exploit zero-day vulnerabilities are being developed every day, making it impossible for security policies, solutions, and training to keep pace, let alone stay ahead of determined cybercriminals.
As a result, the only way to protect an organization is to have a business continuity plan and supporting technology to ensure that company servers and data are always backed up and recoverable, even in the face of the most aggressive attack.
In contrast with an incident response plan, which outlines the immediate response to a breach, a business continuity plan focuses on the steps needed to keep a business going after an attack. An effective business continuity plan must create a response team to coordinate pre-event planning, testing, communications, and backups as well as post-event tasks such as maintaining access to business records and ensuring continuous IT operations (Olzak 2013).
Cybersecurity measures can prevent many threats, but with the level of sophistication and social engineering techniques used by cybercriminals today, eventually one will get through. That is why business professionals must work with cybersecurity specialists to build a strong business continuity plan.
- (Olzak 2013) The elements of business continuity planning: Olzak, Tom (2013). TechRepublic. Guidance on business continuity planning, including advice on recovering from natural disasters and man-made disruptive events such as cyberattacks.
- (NIST 800-34) Contingency Planning Guide for Federal Information Systems: Also known as SP 800-34. PDF. This is the US National Institute of Standards and Technology (NIST) document designed to assist organizations in understanding the purpose, process, and format of information system contingency planning development through practical, real-world guidelines. It includes a glossary and acronym list.