There are very few more pressing issues in management today than cyber security. Notice that I didn’t say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice.
Organizations worldwide depend increasingly on information and communications technology to operate and manage 24/7/365, and wireless devices, BYOD, social media, and the like all combine to make the jobs of those responsible for cyber security exponentially more difficult. Like the Dutch boy and the dike, security people worldwide have too many holes to plug and too few arms and fingers. Recently, I was watching a 1960s spy movie in which the agent had to find and access physical documents on site, take pictures of them, reduce the photos to microdots, paste the dots in place of periods in another document, and then smuggle those documents past the authorities. Today, an equivalent theft can be done remotely, often from another, hostile country, at light speed. And Edward Snowden’s 2013 disclosures about the doings of the US National Security Agency (NSA) amply demonstrate what a skilled technical organization with nearly unlimited resources can accomplish from half a world away.
The National Fire Protection Association (NFPA) reports that property losses at U.S. factories total nearly $1 billion annually. Between 2006 and 2010, about 42,800 industrial or manufacturing property fires in the utility, defense, agriculture, and mining industries were reported to U.S. fire departments each year, as well as 22 deaths and 300 injuries each year, according to the NFPA.
“Fire is the No. 1 preventable disaster at manufacturing facilities,” Cindy Slubowski, vice president and head of manufacturing at Zurich, said in a statement. “Most fires are preventable, and the risks can be reduced dramatically.”
In recognition of National Fire Prevention Week (Oct. 5-11), Zurich recommends that factory owners implement a pre-fire plan, starting with these steps:
One of the intuitive responses to Bring Your Own Device (BYOD) concerns is that it is important for organizations to have prudent and well-publicized policies in place to clarify necessary information for users, including mitigating dangers and ensuring that everybody knows who pays for services.
Of course, this makes sense, but it may be difficult to do. Respecting the rights of employees and organizations is a tough balancing act. Perhaps this is why BYOD policies are not being followed as much as they should – or as much as they were in the past. Teksystems recently released a survey that suggests a lot of the people who should be paying attention to policies aren’t, and that the number of workers bypassing policies is growing.
Even more troubling, the survey found that 64 percent of IT professionals said that their organization has no official BYOD policy, and that percentage rose from 43 percent in 2013.
The steady stream of high-profile data breach incidents we’ve seen over the last few years makes one thing clear: cyber risk is a serious concern for virtually any enterprise. Disruption of day-to-day business operations and damage caused by the exposure of critical intellectual property or consumer information are just a couple of examples of potential fallout from an information security incident, not to mention a tide of expensive and embarrassing litigation and the possibility of damaging regulatory inquiries or compliance actions.
Federal agencies extend their reach into cybersecurity
Not convinced? One need only look at the breadth of publicly disclosed document requests from the Federal Trade Commission (FTC) in response to recent data breaches to get a sense of the entirely new level of scrutiny regulators are focusing on information security risk management practices following a serious breach incident. Other federal agencies like the Securities and Exchange Commission (SEC) and the Commodity Futures Trade Commission (CFTC) are also extending their reach by issuing new guidance regarding cybersecurity. Even congressional committees are getting into the act.
How security policy orchestration software can help reduce downtime in hybrid environments.
By REUVEN HARRISON
In our global, 24/7, online world, the individuals and organizations we deal with increasingly expect – and often rely on – our systems and applications being available at all times. When disaster strikes and downtime hits (whether through error, misfortune or malice), it can damage both an organization’s reputation and its bottom line. The companies you’re trusting to store and handle valuable information securely, or for access to the applications and services, must do all they can to minimise the risk of breaches and downtime.
While stories about hackers and viruses breaking into (or bringing down) systems tend to prompt the biggest headlines, those of us in IT know that more downtime is due to network configuration errors than to security breaches. Because today’s networks are so complicated, and the pace and volume of changes are so great, it’s not uncommon for rushed-off-their-feet IT staff to make occasional configuration errors – and that could mean downtime for an application, service or even an entire business.
Entries are now being accepted for the BCI North America Awards 2015, which will be presented at the DRJ Spring World conference in Orlando.
This year's Award categories are:
- Business Continuity Consultant of the Year
- Business Continuity Manager of the Year
- Public Sector Business Continuity Manager of the Year
- Most Effective Recovery of the Year
- BCM Newcomer of the Year
- Business Continuity Team of the Year
- Business Continuity Provider of the Year (BCM Service)
- Business Continuity Provider of the Year (BCM Product)
- Business Continuity Innovation of the Year (Product/Service)
- Industry Personality of the Year.
The entry deadline is January 23rd 2015.
A new survey-based study conducted by IDG Research Services on behalf of Sungard Availability Services and EMC Corporation has looked at the cloud recovery market, amongst other areas.
The survey of 132 organizations found that faster recovery and reduced disaster recovery costs were reported as the top benefits of cloud recovery services (58 percent) followed by reduced downtime (44 percent) and improved reliability (38 percent).
Nearly half of respondents either have already invested in cloud recovery services or are planning to invest in the next one to two years; nearly an additional third have cloud recovery services on their radar but have no current investment plans.
Significantly, over three-fourths (78 percent) of those already investing in cloud recovery services acknowledge faster recovery as a benefit, compared with just 54 percent of organizations planning on investing and 57 percent of those with no plans to invest.
With regard to challenges specifically associated with cloud recovery services, those who are planning to invest (80 percent) and those who have no plans to invest (57 percent) are significantly more likely to have security concerns than those who are already investing (48 percent) in cloud recovery.
Organizations also wonder whether they will realize a return on their cloud spending, with 38 percent believing it will prove a challenge to realize an ROI on cloud recovery services.
The full results of the survey can be found after registration here.
When should you bring in new technology? When it does a better job at meeting your needs, of course. It’s the same for business continuity management. Migrating from in-house physical servers to cloud computing services should be properly justified by lower costs, higher reliability and better performance, for instance, without sacrificing data confidentiality, control or conformance. While cloud computing makes sense for many organisations, there are cases where it doesn’t (for example, cloud computing isn’t always cheaper). Looking at the following business criteria and then analysing what new generation technology has to offer may be the smarter way to do things.
Suppose your business suffers a temporary disruption. (The cause of the disruption doesn’t matter; neither, necessarily, does the length of the disruption.) A disruption that impacts customers, prospects or finances (and almost every disruption – even for a few minutes – will) may trigger compliance obligations. You may need to file an insurance claim. Or you may need to provide government or industry regulators with the details of how your organization dealt with the disruption.
Do your Business Continuity and Incident Management plans lay out the needs and requirements for documenting actions taken during a disaster or other disruption?
Any business disruption will generate a flurry of activity. Will you be able to recall all of those actions once order has been restored? Or will you have to spend countless hours reconstructing what happened, who did what and how long each action took? It is unlikely you’ll be able to capture every action by every participant. And the longer the disruption lasts, the longer that list of actions will be.
Two surveys have been released recently that show the way consumers think about enterprise data breaches.
The first survey, conducted by HyTrust, isn’t surprising. It found that the majority of consumers will take their business elsewhere after discovering their information was compromised in a breach. And consumers aren’t patient on this matter. For approximately 45 percent of survey respondents, data security is a one-strike-and-you’re-out deal – they aren’t going to wait around for your company to get its act together and fix the security holes.
Also, that 45 percent wants to see companies held criminally negligent when a data breach occurs. Eric Chiu, president and co-founder of HyTrust, told eWeek that this survey result may have been the most surprising statistic to come out of the survey, adding: