Dodging the Double Whammy to Preserve Business Continuity

A seven-step plan to protect your organization against the escalating risk of a cyberattack timed with a weather disaster

By Chris Alberding

While Hurricane Debby was soaking the Southeastern U.S. this August, weather watchers at Colorado State University were marking the start of peak Atlantic hurricane season with a foreboding prediction that 12 storms could reach hurricane strength in the region through this fall, equaling a forecast record established in 2020. Just as ominously, six of the 12 storms forecast for this year are expected to become major hurricanes.

From hurricanes and wildfires to flooding and heatwaves, this summer’s extreme weather provides organizations and their IT teams with yet another powerful reminder that in this era of climatic upheaval, they need to take extra measures to protect their business operations, IT infrastructure, data and other assets, not only from weather-related disruptions but from the cyber vulnerabilities that disasters like these can invite — and that hackers are always ready to exploit.

A new report dubs the dual phenomenon a “compound physical-cyber threat” and warns that a cyberattack purposely timed with a heatwave, for example, would have exaggerated, far-reaching consequences on businesses, communities and entire economies. “Cyber-attacks are more disruptive when infrastructure components face stresses beyond normal operating conditions,” the report says.

The best way for businesses to counter the compound threat? By deploying defenses that are as sophisticated, persistent and adaptable as the would-be attackers themselves. Based on my work supporting the cybersecurity efforts of organizations across the business landscape, here’s a playbook for keeping a business operating, connected and protected during a potential double-whammy:

  1. Gauge your organization’s current cyber defenses and identify vulnerabilities—before disaster strikes. A formal risk assessment (perhaps conducted with support from a third-party cybersecurity expert and/or operational resilience assessment software) is critical to understanding the strengths and vulnerabilities of your IT and communications infrastructures.

As for red flags to watch for, relying on an assortment of security platforms, patches, policies, hardware and software that aren’t integrated, synchronized or closely managed invites trouble, as adept as cyberattackers are at exploiting weaknesses. The same goes for relying on an older communications network, which can be more vulnerable to attack than cloud-based network constructs like SD-WAN (software-defined wide area network). SD-WAN not only has the ability to bounce between broadband and ethernet in real time to preserve bandwidth and connectivity during a disaster, it also comes with built-in cybersecurity layers like private connectivity and encryption.

  2. Design a cybersecurity roadmap and plan. Taking the findings from that risk assessment, next develop a detailed plan that specifies the cybersecurity risks your organization faces and the defenses it will use to address each of these risks. That roadmap in all likelihood will include a shift away from on-premises, appliance-based security systems to more sophisticated measures, perhaps beginning with deployment of a next-generation firewall at a minimum. From there, an organization can add security layers such as secure web gateways (SWGs), zero trust network access (ZTNA), and cloud access security brokers (CASBs).

Nowadays, more organizations are taking it one step further. Once they decide to shift from their legacy security systems, they are choosing a comprehensive, multilayered cloud-based security solution like SASE (secure access service edge) or SSE (security service edge). These solutions work by converging ZTNA, CASBs and other security layers within a single software stack that secures all endpoints, users and applications on an enterprise’s existing network configuration against all types of phishing, malware and ransomware threats. The ability of these solutions to protect networks out to the edge, even as the contours of that edge shift, is critical during a natural disaster.

  3. Develop a business continuity plan. The cybersecurity roadmap is part of a broader business continuity plan that, based on an evaluation of your organization’s exposure to operational disruptions, specifies how various crisis scenarios will be handled to preserve communications (with customers, employees, suppliers, etc.) and operational integrity. That includes identifying and prioritizing defenses for critical on-premises hardware and brick-and-mortar IT infrastructure (such as data centers).
  4. A phased-in move of IT infrastructure to the cloud. As costly as disruptions of any kind can be to an organization’s bottom line and its brand, gaining an adequate level of operational and IT resilience and security in most cases necessitates a shift to cloud-based solutions — SD-WAN for network, SSE for security (or in the case of SASE, network + security). Moving apps, business processes and IT infrastructure to the cloud in phases, in a manner that’s cost-effective (preserving a hybrid environment with some on-premises applications and/or infrastructure), not only gives organizations access to these solutions, it’s a critical pathway to successful digital transformation.
  5. Consider enlisting a third-party expert. If your organization’s IT team is running exceedingly lean, if you’re consistently challenged to find and keep IT/cybersecurity talent, or if you prefer to let your IT teams concentrate on pursuits that add value for the business, it could be worth considering outsourcing cybersecurity to a managed service provider (MSP). Not only do single-vendor managed security solutions provide “significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted,” according to Gartner, they also give an organization what amounts to an extension of its own IT team to manage cybersecurity and serve as a first responder during a disaster. This is an important consideration in a world in which 59% of U.S.-based organizations lack internal IT capacity, according to a recent study from Forrester Consulting and Windstream.
  6. Stress-test your plan and your network. Now it’s time to see how your business continuity plan and your IT infrastructure perform under simulated disaster and cyberattack conditions, identifying and addressing any vulnerabilities that are exposed. Here’s where a third-party expert and/or some type of incident simulation software can provide valuable insight and guidance.
  7. Stay on top of the threat landscape. As quickly as attack strategies are evolving, it’s incumbent on organizations to keep regular tabs on new threats and assess their wherewithal to combat them. The Cybersecurity and Infrastructure Security Agency (CISA) offers some solid advice in that regard.

Regardless of the business you’re in or where you operate, the compound threat is real. Last year, the U.S. recorded 28 billion-dollar weather and climate disasters, surpassing the record of 22 set in 2020, according to the U.S. National Oceanic and Atmospheric Administration. Meanwhile, as of this July, the number of data compromises recorded by the Identity Theft Resource Center was on pace to exceed 2023’s record total by 14%. No business should consider itself fully protected without proactive preparation and multiple layers of defense.

Chris Alberding is senior director for SD-WAN and security at Windstream Enterprise, which provides managed cloud communications, networking and security services to businesses and public entities across the U.S. https://www.windstreamenterprise.com/