Business continuity planning: How to prepare for a cyberattack
In today’s digital landscape, businesses rely heavily on their cybersecurity program to protect critical data and operations.
CrowdStrike, a leading provider of cloud-native endpoint protection, recently experienced a significant outage that sent ripples through the cybersecurity community. This incident not only disrupted services for countless organizations but also highlighted the critical importance of robust business continuity planning in our interconnected world.
What happened during the CrowdStrike incident?
The CrowdStrike outage originated from a faulty update to the Falcon sensor configuration for Windows systems on July 19, 2024. This update, intended to enhance security by targeting newly observed malicious activities, contained an inadvertent logic error.
The error resulted in an out-of-bounds memory read, triggering blue screens of death on affected machines running the Microsoft Windows operating system and ultimately leading to widespread system crashes.
What was the impact of the CrowdStrike incident?
The impact of the CrowdStrike outage was significant, affecting approximately 8.5 million devices globally across various sectors, including airlines, healthcare and financial institutions.
The aviation industry, in particular, faced significant challenges, with major airlines like American, Delta and United requesting ground stops from the Federal Aviation Administration. American Airlines canceled over 400 flights in the first 24 hours, while Delta experienced a prolonged recovery, resulting in over 5,000 canceled flights and an estimated $500 million loss.
Improving your business continuity planning
As cyberthreats and IT solutions continue to evolve, organizations need to prioritize business continuity planning to protect sensitive data and critical operations.
The recent CrowdStrike outage underscores the critical importance of robust business continuity planning across all industries. By creating or updating your business continuity plan, your organization can better navigate cyberattacks and system outages.
Here are four best practices that can help your organization create an effective plan:
1. Conduct risk and vulnerability assessments
Your organization can start your plan by assessing your cybersecurity risks and vulnerabilities so that you’re better equipped to address them.
To help you better understand your vulnerabilities, your organization should:
- Conduct a threat assessment: A comprehensive threat assessment is vital to understanding your organization’s cybersecurity posture. It can help you better identify and prepare for internal and external threats that could potentially exploit vulnerabilities in your systems.
- Identify critical assets and systems: Your organization should create an inventory of all hardware, software, peripheral devices and removable media — including those belonging to third-party providers — that are critical to your operations. This inventory should also detail who is responsible for each asset, where it is stored and its purpose.
- Evaluate current security measures: Assessing your existing security measures is vital to identify gaps and areas for improvement.
2. Create a comprehensive plan
Developing a comprehensive plan that covers all areas of your operations can help you effectively respond to and recover from cyber incidents. Your plan should serve as a road map for all your teams, not just cybersecurity and IT professionals, and provide clear instructions on:
- Roles and responsibilities: Your plan will need to help create a coordinated response with individuals from across your organization, including IT professionals, operations personnel, human resources representatives, communications experts and management. You also need to include defined roles and responsibilities so that everyone understands their place on the team and the actions they need to take during an outage or security incident.
- Communication protocols: Effective communication is critical when navigating a cyber incident. Your organization should develop a comprehensive communication plan that reaches all affected audiences, including staff, customers, investors or other stakeholders.
3. Establish data backup and recovery strategies
A robust data recovery strategy is crucial for protecting your sensitive data and helping your organization recover faster after an incident.
To help ensure that your data is accessible in the event of an outage, consider using a data protection strategy such as the 3-2-1 backup rule. This strategy involves maintaining three copies of your critical data, storing them on two different types of storage media and keeping one copy off-site. By adhering to this rule, your organization can avoid having a single point of failure for your data and improve your ability to recover or access data during an incident.
Your organization can also consider cloud-based backup solutions. These services provide off-site storage, helping ensure that data remains accessible even if on-premises systems are compromised.
Regardless of your backup methods, your organization should regularly test your recovery process to validate the effectiveness of your data protection.
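The 3-2-1 rule and the recovery-testing advice above can be checked mechanically against a backup inventory. The following is an added example, not from the original article: the dataset names, locations, the choice to count the production copy as one of the three, and the 90-day restore-test window are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:
    location: str                             # where the copy lives (hypothetical names)
    media: str                                # e.g. "disk", "tape", "object-storage"
    offsite: bool                             # stored away from the primary site?
    last_restore_test: Optional[date] = None  # None = never restored from this copy

def audit_321(copies, today, max_test_age_days=90):
    """Return a list of findings; an empty list means the dataset passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s), need 2")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    # A backup that has never been restored is unproven; a stale test is nearly as weak.
    tested = [c.last_restore_test for c in copies if c.last_restore_test]
    if not tested:
        findings.append("no copy has ever been restore-tested")
    elif (today - max(tested)).days > max_test_age_days:
        findings.append(f"last restore test was {(today - max(tested)).days} days ago")
    return findings

# Constructed sample inventory (not real systems); the primary counts as copy #1.
INVENTORY = {
    "finance-db": [
        BackupCopy("hq-primary", "disk", False),
        BackupCopy("hq-nas", "disk", False, date(2024, 6, 1)),
        BackupCopy("cloud-bucket", "object-storage", True, date(2024, 7, 1)),
    ],
    "hr-files": [
        BackupCopy("hq-primary", "disk", False),
        BackupCopy("hq-nas", "disk", False, date(2023, 11, 15)),
    ],
}

def audit_inventory(inventory, today):
    return {name: audit_321(copies, today) for name, copies in inventory.items()}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 7, 19)).items():
        print(name, "OK" if not findings else findings)
```

Here `finance-db` passes, while `hr-files` fails on every count: two copies, one media type, nothing off-site and a restore test that is months old.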
4. Conduct business continuity planning training
Even the most well-built plan will not be effective if your staff doesn’t understand it. Prioritizing staff training and testing your response capabilities can help your organization enhance resilience and strengthen cyber defenses.
Cyberattack simulations are one option for providing a more hands-on approach to testing your organization’s readiness. Options like tabletop exercises allow teams to practice their roles and responsibilities during an incident without real-world pressure. They can also help you identify any vulnerabilities in your plan, systems or processes.
How Wipfli can help
Wipfli can help your organization stay prepared for cyber incidents with an effective business continuity plan. Our team brings cybersecurity insight and experience in a wide range of industries to help you create a plan that meets your operational needs and chart a faster, easier recovery.
Visit our Cybersecurity Awareness Month page to see more of our cybersecurity resources and explore our services.