Says ContinuitySA's client service manager, Wayde Anderson: “We live and breathe testing because we know that the only way to ensure that a business continuity plan actually works is to test it — rigorously and frequently. A disaster is no time to find out that the plan has serious flaws.”
Rehearsals are critical, but testing is much more than that. The often overlooked benefit of testing is that by feeding the results of each test back into the business continuity plan, the plan only improves.
The same logic holds good when it comes to cyber resilience. The Business Continuity Institute’s Cyber Resilience Report revealed that two-thirds of organisations had experienced at least one cybersecurity incident during the previous year, and 15% had experienced at least 10.
Improving an ICT system’s ability to withstand an attack, and to recover from if defences are breached, is eminently sensible. The first order of business is to ensure that cyber security is integrated into the business continuity plan, and thus into the regular testing cycle.
Incident management, which naturally forms part of a test, also contributes to cyber resilience because, as numerous examples show, how an unexpected incident is managed is critical to limiting the damage it causes, both in the short and long terms.
Testing cyber security measures can initiate a virtuous cycle of improvement, acting as a training regime to keep cyber security up to standards, and thus building resilience to even the unexpected. Crucially, it enables a business to take a proactive stance against cyber criminals, to be prepared for whatever they might do.
You could say that testing is the secret weapon in the fight against cyber crime.
