Conquering disruption: How to build a more resilient business

From COVID-19, the energy crisis and widespread strikes, business continuity managers have been kept busy in the last few years. And the impact of these events, as well as ongoing threats like cyber attacks, mean that continuity planning is a regular topic on boardroom agendas.

Business resilience is now crucial to guaranteeing continuity and sustainable operations. In fact, according to PwC’s Global Crisis Survey 2023, 89 percent of organizations state business resilience as one of their key strategic priorities. But what are the key factors at play in building a more resilient organization?

Call and response

The first step is reviewing your existing incident response management and continuity plans. While in times of non-crisis, it’s easy for companies to focus on other areas. But when incidents do occur, it’s often already too late. That’s why it’s vital to regularly review and update current plans to ensure they are still effective and relevant.

And with the risk of cyber attacks remaining a constant threat, businesses must also develop a separate incident response plan for cyber resilience to discover, prevent, and respond to security threats. This should include the critical elements, such as identifying and reporting the incident before containing and eliminating it. It’s vital that this plan also includes steps to assess the damage and restore normalcy, as well as analyzing and improving post-incident strategies.

There is no one-size-fits-all approach, given the breadth of attacks. So specific measures must be in place -- whether hit by a ransomware attack or caught up in phishing attempts.

Back, back, back-it-up

The old adage of back up your work is no longer enough, and this is where the 3-2-1-1-0 backup strategy comes in. This approach offers enterprises the best chance of data recovery in the event of a cyber attack.

Following this framework involves creating three copies of important data sets, in addition to the original, and splitting these copies across two different storage methods.

It’s crucial that these additional backups are stored separately from the primary one, too. One should be kept offsite, and the other copy must be air-gapped and immutable to prevent any chances of the data being compromised. The final step that enterprises should follow – achieving zero errors in the data backup. Inconsistencies, errors, or missing data could jeopardize a successful backup.

The 3-2-1-1-0 backup strategy offers enterprises the best chance of data recovery. While this approach certainly isn’t new, it remains fundamental to ensuring data resilience and recovery in the event of a disaster or cyber incident. This strategy ensures that you have at least two backup copies of all important data and can recover from incidents more efficiently.

Let’s put it to the test

Lastly, conducting regular tests and rehearsals of existing business continuity, crisis management, and cyber incident response plans is vital. How can business continuity managers know if the organizations will remain resilient against threats if the procedures in place have never been tested? To ensure these plans are strong enough to protect against all kinds of disruption, businesses must assess tolerance levels across important business services and plan and test for worst-case scenarios, not just plausible ones.

Testing remains a highly effective way of ensuring that everyone within the organization comprehends their role and responsibilities in the event of an incident. It’s far better to identify shortcomings in existing plans or any missing critical data during the testing phase than when faced with an actual incident.

Putting brilliance in resilience

To stay in the driver’s seat on the road to resilience, business continuity and security teams must now prioritize organizational alignment by communicating to executives the importance of resilience through threat assessments, cost evaluations and other relevant documentation. And it’s vital that the entire organization is brought on this journey.

The more adept a business is at mitigating risk, the more robust and adaptable it will be. By adequately preparing for, detecting, anticipating, and adapting to the ever-changing risk landscape, a business can position itself to withstand almost any potential disruption.

But to attain this level of resilience, organizations must broaden the focus beyond the immediate risk landscape and prioritize long-term sustainability. While overcoming daily obstacles is a difficult task, having the foresight to prepare for future ones simultaneously provides a competitive edge in its own right.

Martin Lewis is Operational Sales Manager at Daisy, a trusted partner for end-to-end IT solutions.