Ideally, business continuity plan best practice revolves around identifying the key risks and how to handle them, and separating out risks that do not justify planning time and effort, because they are too small or too improbable. The problem is to decide whether or not a risk merits inclusion in the BC plan. The current conundrum in IT terms is the APT, which stands for Advanced Persistent Threat. It refers among other things to computer viruses recently given media exposure in reports of attacks on financial and government institutions. But if your business has nothing to do with either of these sectors, should you worry?
Some organisations believe that such APTs, like alien invasions from outer space, are unlikely to have an impact on their daily activities. Others, notably representatives of the computer security industry, say that nowadays any organisation is at risk from the likes of viruses such as Gauss, Flame and Stuxnet. The arguments they advance for taking APTs seriously include:
- The organisational data that APTs like these steal can in theory find a buyer somewhere, meaning that cybercriminals are motivated to apply such viruses to any company or corporate entity
- The viruses are sophisticated in their actions, but simple for cybercriminals to apply, increasing the risk by increasing the potential number of attacks
- Statistics now show APT attacks being perpetrated on larger entities, but also on SMBs
For SMBs, the challenge to business continuity plan best practice may be the difficulty in realising the return on investment in beefing up cyber security appropriately. One tool to help cost-conscious enterprises to resolve the situation is cloud computing. Cloud systems often have possibilities for analysing activity logs that go beyond what SMBs have on their own. Checking out such logs helps companies spot any suspicious behaviour and therefore make a better reasoned decision about whether or not to increase efforts and resources in this area.