As published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.
One of the latest threats to organizations is something termed “ransomware,” commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money. You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar. If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more. And, after you do, I have a question for you to consider:
If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?
This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value.
The last several years have continued to see an increase in the sophistication and volume of cyber threats, with a 42% increase in targeted attacks in 2012 (as reported by Symantec, in its 2013 Internet Security Threat Report). The range and types of threats vary greatly as well; in June 2013, InfoSecurity magazine listed the top five specific IT cyber security threats as: data breach, malware, DDoS, mobile threats, and industrialization of fraud – each of which requires a different preventive and response approach. An Ipsos survey for Lloyds Risk Index 2013 indicated that cyber risk is the third biggest concern for CEOs when assessing organizational threats, jumping nine spots from the previous year’s ranking of 12th.
In most organizations, monitoring and response have continued to develop and mature within IT to proactively address vulnerabilities. That said, there may be opportunities to better integrate IT’s response to such illicit activity with the organization’s business continuity program and structure, so that if an event does occur, the organization ensures a timely and coordinated response. After all, cyber security incidents can have business continuity implications and impacts that extend far beyond IT.
In December 2009, my perspective titled “Data Breaches: A Sidewalk Sale of Consumer and Personal Information” detailed the financial, reputational and regulatory implications surrounding a data breach occurrence. Since then, little has changed (other than the fact that the term “data breach” is now commonplace throughout workplaces and households due to the continuous increase of breaches worldwide). Organizations around the world ranging from US Bank and Outback Steakhouse to the U.S. Air Force and Sony have experienced (or are currently experiencing) a data breach and the headache of breach notification. Despite numerous attempts to implement federal data breach notification legislation, little has been done on a national level to streamline the process.
This perspective highlights the data breach notification process and how recent legislation proposed by the Obama Administration is hoping to consolidate dozens of diverse state breach notification regulations into one integrated national plan.