Cyber resilience is high on the agenda for boards and executive committees, in line with growing reliance on digital platforms and a worsening threat landscape, and yet many companies seem badly prepared for what has become a major threat to their sustainability.
Research by the New York Stock Exchange shows 66% of directors are less than confident that their companies are properly secured against cyber attacks. Recent events such as the WannaCry ransomware attack, and the hacking of the Democratic Party’s systems by Russian agents, among others, suggest that boards are right to be worried.
“Governance codes like King and others now make ICT governance a board responsibility because of its importance to organisational sustainability, and yet most boards do not fully understand the issues,” says Braam Pretorius, GM: Sales at ContinuitySA. “In fact, research by Dimension Data shows that 68% of companies have no plan to respond to a cyber security breach, and remain unprepared for an attack. Business resilience and cyber resilience are now just two sides of the same coin.”
He argues that cyber resilience requires not only preparedness, but the ability to respond to a successful cyber attack. Response is critical because unless the organisation can recover rapidly from the attack and resume operations, it faces the real possibility of complete failure. Such cyber attacks are increasingly sophisticated, and can be very severe. He cites the recent example of a ContinuitySA client, 90% of whose production environment was encrypted by the Troldesh/Shade ransomware application. All data was lost and operating system files were damaged.
Luckily, the client subscribed to an offsite server replication and work-area recovery service from ContinuitySA. It was thus able to have its systems completely restored over the weekend. A week later, the same malware struck again, so the entire process had to be repeated. Without this backup environment, it would have been out of business.
“In an age of cyber terrorism and rampant cyber crime, we recommend that organisations seriously consider subscribing to a fully managed, offsite disaster recovery and work-area recovery service, one that is regularly tested to ensure it operates,” Pretorius concludes. “If one has no Plan B, one is not truly cyber resilient – and that means the business itself is not resilient, and the board and exco are not properly fulfilling their fiduciary duties.”
NYSE Governance Series, Cybersecurity in the boardroom (2015), available at https://www.nyse.com/publicdocs/VERACODE_Survey_Report.pdf.
ContinuitySA is Africa’s leading provider of business continuity management services to public and private organisations. Delivered by highly skilled experts, its fully managed services include ICT resilience, enterprise risk management, work area recovery and BCM advisory – all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, ContinuitySA provides peace of mind for all stakeholders.
ContinuitySA operates the continent’s biggest network of recovery centres, with more than 20 000 m² of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley and Somerset West) and KwaZulu-Natal (Mount Edgecombe), as well as in Botswana, Mozambique, Kenya and Mauritius.
ContinuitySA is a Gold Partner of the Business Continuity Institute and the recipient of the BCI’s ‘Continuity and Resilience Provider’ award for the third consecutive year in 2016.
ContinuitySA. Our business is keeping you in business.