DRJ’s Fall World 2013 will feature an unprecedented amount of information! We are adding new tracks, revamping old ones and creating the best conference ever for our attendees.
In 2012, Continuity Insights published its first report into the use of social media as a crisis communications tool. This year, Continuity Insights dug a little deeper in an effort to learn more about the industry’s social media strategies, how respondents view the risks associated with social media, and whether sentiment towards social media’s effectiveness has changed.
My topic of choice for today’s webinar listen-into was the one on Cyber Threats and Cyber Security by Brendan Byrne from IBM in which Brendan shared both IBM’s and other organizations experiences from the dark world of cyber threat.
According to a recent IBM survey, the biggest threat perceived by Business Continuity professionals is cyber-security. Some of the challenges faced include BYOD (Bring Your Own Device) which is on the increase; the widespread use of social media with its pros and cons; workforce mobility and the increasing use of cloud-based solutions.
The landscape is changing for organizations all around the globe. Big Data or Smarter Data inevitably means more security considerations and the growing use of online services is another cause for security concern. The boundaries are becoming blurred as we step up the use of the innovative technology that is advancing our way. Supply Chain Security, as Brendan quite rightly said, is indeed only as strong as the weakest link in the chain and the expanding use of data is presenting more and more problems in terms of potential threats to an organization.
According to the X-Force Research Team (just one of the jewels in IBM’s crown) who is tasked with analysing the worldwide web on a daily basis, scanning the horizon for new trends and new vulnerabilities, there are over 40M spam and phishing attacks every month! Now that is a scary figure. KPMG’s Data Loss Barometer 2012 showed that hacking is the number one cause of data loss and that data loss incidents have increased by 40% since 2011. There is evidence of new attack activity as malware gets too clever for its boots. Some of the challenges faced are down to things as apparently simple as passwords (or rather the common and widespread use of the same password) and of course there is the challenge of BYOD and a new concept, called APT (Advanced Persistent Threats).
One of the key messages that this webinar drove home, was the importance of embedding cyber-security into an organization’s business culture. It is not enough to develop a policy and then file it away thinking that the job is done and a big fat tick has been put in the box. With a constantly changing landscape and new threat activity entering the “Cyber Charts”, it is essential that organizations review, review and review again to ensure that their policies and procedures meet the current and future security needs of their business.
One of the key issues is that cyber threats are just getting more and more sophisticated. Motives for cyber-attacks range from simple curiosity, to revenge, right through to the big stuff like espionage and political activism. The players or actors on the cyber stage are also becoming increasingly more educated and organised. They scale of actor type runs from the inadvertent actor, who may cause an incident through ignorance or lack of training; to the opportunist that just grabs the moment to do some damage; to the “hacktivist” (remember that is the number one cause of data loss); right through to the top of the tree with the advanced actor, that heads up some big scam.
According to IBM research, the top three IT risks that damage a company’s brand (its greatest asset) and reputation (as perceived by BC professionals) are: Data Breach; Systems Failure and Data Loss in that order.
An interesting example of a botnet was put in the room as such to demonstrate both its apparent innocence and its inherent danger. We can all very easily download a botnet. More often than not, this just sits harmlessly on our computers until the organiser of said botnet decides to sell this onto another organization, which in turns uses this to collate important and personal data and there we have it – bring this data together into one central location and you have a hacker’s dream and the so-called Money Mule concept kicks or trots (does a donkey trot?) into action. So we see that the end users are also part of an organization’s security landscape.
Brendan also expanded on the IBM approach to managing cyber threats. The IBM approach consists of two elements – the first is the “Pre-exploit”, which is all about prediction and prevention and the second is the “Post-exploit” which is about reaction and remediation. Every organization needs to adopt this approach. Every organization needs an instant handling approach and every organization needs an intelligent view of their security position. When working with clients, IBM has discovered that most organizations think they have an optimised approach; but reality tells another story with the majority only having basic measures in place. Organizations need to aim to be proficient in order to be able to proactively protect themselves from cyber-attacks.
Brendan listed the essential practices as follows:
- Build a risk awareness culture and management system
- Manage security incidents with greater intelligence
- Defend the mobile and social workplace and make social media work for you and not against you
- Have security-rich services by design and not as an after-thought
- Automate security hygiene
- Control network access and help assure resilience
- Address the new complexity of cloud and virtualisation
- Manage third party security compliance
- Better secure data and protect privacy
- Manage people’s identity throughout the whole security lifecycle
Brendan then talked about the IT Trends for 2013, which he defined as follows:
- Cloud security will move from hype to a mature solution and will progress
- Advances in BYOD mobile will increase and be more secure than laptops by 2014
- Compliance will be a big driver for 2013 with organizations facing potential fines of 2% of their global annual turnover
- Data explosion will increase
And in conclusion, Brendan left us with the top threats for individuals to consider in 2013 and these are:
- Cyber Security
- Supply Chain Security
- Big Data
- Data Security in the cloud
So yes, cyber-threats are very real, but with the right approach to cyber-security they can be managed.
Tags: BCAW 2013, Business Continuity, Business Continuity Institute, Business Continuity Management, cloud computing, crisis communication, crisis management, cybersecurity, information security, IT Risk Management, reputation management, Risk Management
Practice makes perfect
We are all familiar with the expression “practice makes perfect” and never has a truer word been spoken. Practising is all about rehearsing again and again until you have mastered the role you’ve been assigned; but, it is also about improving your behaviour.
When dealing with risk, managers can choose to accept, eliminate, reduce or transfer it.
In addition to this, it is integral for managers to devise business continuity plans to deal with the threats identified by setting out what needs to be done should a certain event occur.
And although not possible to avoid all risks, business continuity management (BCM) can minimize the disruption to a business to a great extend, protecting its share price, stakeholder relations, and reputation, among others.
With that said, BCM is a critical strategic function that cannot be neglected by any organization whatsoever.
By seeing BCM as not just another form of risk management, but as a means of gaining true insight into what the business actually does, how it does it and what it needs to do it, managers can add significant value to the overall business operations of a company.
See Business continuity management as a tool to minimize business interruptions, from South African Insurance Times & Investment News.
What’s the future career path for today’s Business Continuity Management professional? Singapore’s Nathaniel Forbes has plodded along a BCM career path for 14 years, and doesn’t see a light at the end of the tunnel. All he sees is more tunnel.
Enterprise modelling (EM) is a method which can be used to create a logical model of an organization. It is prevalent in large, complex organizations and there are well-established standards in use which provide form and inter-operability to EM practices.
BS 25999‐2 (Part 2 ‐ the Specification) was issued in November 2007. Since that time many organizations have been certified and UKAS (the United Kingdom Accreditation Service) has been assessing the audits undertaken by certification bodies as part of its process towards accrediting these bodies in respect of BS 25999.
The Business Continuity Institute is running a survey to understand current best practice in applying business continuity management through the supply chain. The survey is open to anyone with an interest in supply chain and business continuity issues. A report on the findings will be made available to all respondents.
For a limited time, we are offering Business Survival(tm) subscribers $30.00 off the $95.00 price of the valuable book Risk Management Approach to Business Continuity by David Kaye and Julia Graham (until June 30, 2009) – that’s only $65.00!
Endorsed by the Business Continuity Institute, Institute for Risk Management, and Disaster Recovery Institute International. “This book is a must read for those senior managers, risk managers and continuity managers who have the vision to see both the new opportunities and the new responsibilities of business continuity management.” - George J. Mitchell, Chairman, DLA Piper Rudnick Gray Cary; Former Senate Majority Leader and U.S. Senator for Maine.
AND – if you order two or more copies, we will ship for FREE! (U.S. standard shipping, or the equivalent discount on non-US or express shipping orders).
To get your discount, just place your order through our secure checkout by clicking on “Add to Cart” below.
PLUS – if you become a registered subscriber to our Business Survival(tm) Weblog before placing your order, we will give you an additional $5.00/book discount! Just go to http://www.rothstein.com/blog/wp-login.php?action=register to register, and note “BLOG REGISTERED” in the “Comments” field at checkout for your additional discount. Once registered, you will be eligible for additional discount offers and unique content exclusively offered to registered subscribers!
Email firstname.lastname@example.org or call us at 203.740.7444 (or 1-888-ROTHSTEin – that’s 1-888-768-4783) if you have any questions or prefer ordering by email or phone.
[Note: the shipping discount and Registered User discount will be taken off after your order is placed and won't appear on the confirmation screen at checkout].
According to Forrester Research in a survey published in September 2007 , most firms are not ready for a disaster. This is despite a series of recent highly publicized, wide-scale disasters and disruptions that include 9/11, Madrid train bombings, Asian tsunami, Northeastern U.S. blackout, European floods, Hurricanes Katrina and Rita, and now the California wildfires of October 2007. This article explores why (1) C-level executives need to care and (2) some recommendations for action.
by Chris Alvord, CBCP in New European Economy.