Blog: Six issues for increased preparedness

Increased preparedness is currently high on the agenda, which no one can have missed. For people in the industry, the topic is of course always relevant. Jonas Wiklund, head of Advisory at Coromatic, shares his thoughts on some current issues.

So how should you think? Is the current situation in the outside world such that there is reason to increase the general security of mission-critical infrastructure? The sad answer is that “it depends”. That is, it depends on how often you analyze the current situation and work on your security and continuity.

Awareness is the first step

Hopefully, you already have a pretty good understanding of the risks and vulnerabilities that exist at an overall level. Awareness is a good first step, but it should also lead to concrete actions. Dare to prioritize and make sure that the action plan is clear. Always assign responsibility, budget, and deadline to make it happen.

The big picture is important

However, it is easy to get caught up in detailed thinking about certain risks or specific technical solutions, but I urge you to think about the big picture more often. Sometimes it is good to turn the question around and not start from the risk and vulnerability perspective, but rather from your business goals, supporting processes and ultimately the resources that you depend on to succeed.

Six quick tips for increased preparedness

The above is always good to keep in mind, but right now there is of course a lot that does not feel or work as usual for many businesses. Not least, there are reports of increased risk of sabotage and other attempts to affect Sweden and businesses here. Therefore, I am sending you some general questions to help you think more holistically:

  1. How long can operations survive if the most critical infrastructure is down and what are the consequences? Get a consequential thinking in the organization.
  2. What resources do we depend on, and how do we ensure continuity? Make sure to create an awareness of critical resources and what alternatives are available.
  3. Do we have a good overview of where vulnerabilities exist in our critical infrastructure, e.g. power, cooling, communication? Consider not only the design and construction, but also the condition of the equipment.
  4. Are we properly dimensioned? Do we have excess capacity if needed? Which functions depend on backup power and how long can it run?
  5. Is the perimeter protection around our key resources sufficient and is access restricted? Inventory access cards and keys while you are at it.
  6. Do we have a good security culture? This includes many things, but perhaps most simply, are we alert to anomalous events? Are there people who have started to move around outside the premises who are not usually there or have a behavior that feels suspicious? Make sure to establish a routine in the organization to report all deviations to the security department. Better one time too many than too few.

 

Finally, not everything is equally important, so dare to make considerations and priorities in preventive security and continuity work. Feel free to get help from outside experts to make the priorities!

Of course, we would all like the world around us to be more peaceful and secure right now, but we still need to deal with reality as it is. That is why it is really the right time to take stock and act, and probably now easier than ever to get the rest of the organization involved in the planning.

Remember not to see security work as a one-off. It is a continuous effort to maintain the desired level of security.

 

Jonas Wiklund, Coromatic

 

/Jonas Wiklund
Head of Advisory at Coromatic
jonas.wiklund@coromatic.se