
Jon Seals

Monday, 20 June 2016 00:00

Ransomware: The News Is Always Bad

A study by Booz Allen Hamilton says that Supervisory Control and Data Acquisition (SCADA) systems, which manage critical infrastructure, are becoming targets of ransomware.

The report is full of bad news for industrial control system (ICS) operators. Attacks are increasing: The Department of Homeland Security (DHS) responded to 295 incidents last year, which was a 15 percent increase over 2014. The arc in the evolution of cybercrime is always toward less expensive, more sophisticated and more accessible exploits. The study, as reported by Dark Reading, shows that the tendency continues:

Among the several emerging challenges for owners of industrial control systems identified in the report are ransomware and the emergence of SCADA access as a service. Booz Allen Hamilton defines SCADA access services as entities that specialize in finding zero-day flaws in industrial control networks, developing exploits for them and then selling that as a service to those interested in gaining unauthorized access to third-party ICS networks.



Jun 17, 2016 17:13 BST

Small businesses unfairly carrying the cost of cyber crime

Small businesses are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy, according to a new report by the Federation of Small Businesses, with firms collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Cyber Resilience: How to protect small firms in the digital economy notes that, despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total.

Almost all (99%) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66%) offering, or planning to offer, goods and services online. Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases close them down.

Mike Cherry, FSB National Chairman, said: “The digital economy is vital to small businesses - presenting a huge opportunity to reach new markets and customers - but these benefits are matched by the risk of opportunities for criminals to attack businesses. Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.”

The Business Continuity Institute’s latest Horizon Scan Report showed that small businesses are no different to larger organizations when it comes to determining the greatest threat they face – in both cases it was cyber attack and data breach.

The FSB report also found room for small firms to improve security. Currently just a quarter of smaller businesses (24%) have a strict password policy, 4% have a written plan of what to do if attacked online, and just 2% have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

(TNS) - If you see something, say something.

It is a dictum for terrorizing times, and as the carnage mounts, law enforcement is more urgently pressing the public to turn tipster.

But what, exactly, does something mean?

That depends.

"If I have a friend who all of a sudden starts going to the masjid [mosque] five times a day, is that a sign of radicalization - or of admirable devotion?" said Quasier Abdullah, assistant imam at Quba Institute, a school and mosque in West Philadelphia.



(TNS) - It only took about five minutes of violent winds, but Wednesday evening’s strong storm put the fear of Mother Nature into some of Lindenwald’s (Ohio) residents.

“It was intense. It was scary,” said Molly Marcotte, who lives down the street from where some of the worst damage happened. She and husband Randy Marcotte heard sounds of trees snapping and transformers blowing, but they say they never heard the sound of storm sirens until after the winds died down.

“Mother Nature’s a beast,” Molly Marcotte said. Their porch swing was pinned against a window, but somehow didn’t break the glass.



AUSTIN, Texas – As storms and flooding wreak havoc across Texas, FEMA officials are warning of another danger: scam artists and unscrupulous contractors out to fleece communities and survivors struggling to recover from disaster.

Be aware of these most common post-disaster scams:

Housing inspectors: If home damage is visible from the street, an owner/applicant may be vulnerable to those who pose as housing inspectors and claim to represent FEMA or the U.S. Small Business Administration.

  • Ask for identification. Federal and state representatives carry photo ID. A FEMA or SBA shirt or jacket is not proof of affiliation with the government.

  • FEMA inspectors never ask for banking or other personal information.

  • FEMA housing inspectors verify damage but do not hire or endorse specific contractors to fix homes or recommend repairs. They do not determine eligibility for assistance.

  • Use licensed local contractors backed by reliable references; recovery experts recommend getting a written estimate from at least three contractors, including the cost of labor and materials; and read the fine print.

  • Demand that contractors carry general liability insurance and workers’ compensation. If he or she is not insured, you may be liable for accidents that occur on your property.

  • Avoid paying more than half the costs upfront. Doing so offers little incentive for the contractor to return to complete repairs.

Pleas for post-disaster donations: Con artists play on the sympathies of disaster survivors, knowing that people want to help others in need. Disaster aid solicitations may arrive by phone, email, letter or face-to-face visits. Verify charitable solicitations:

  • Ask for the charity’s exact name, street address, phone number and web address, then phone the charity to confirm that the person asking for funds is an employee or volunteer.

  • Don’t pay with cash. Pay with a check made out to the charity in case funds must be stopped later.

  • Request a receipt. Legitimate nonprofit agencies routinely provide receipts for tax purposes.

Offers of state or federal aid: Beware of anyone claiming to be from FEMA or the state and asking for a Social Security number, bank account number or other sensitive information. Scammers may solicit by phone or in person, promising to speed up the insurance, disaster assistance or building permit process. Others promise a disaster grant and ask for large cash deposits or advance payments. Here’s how to protect yourself:

  • Federal and state workers do not solicit or accept money. FEMA and SBA staff never charge applicants for disaster assistance, inspections or help in filling out applications. If you have any doubts, do not give out information and file a report with the police.

If you suspect fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721. If you are a victim of a home repair or price-gouging scam, call the Office of the Texas Attorney General at 800-252-8011. For information regarding disaster-related fraud and how to protect yourself, visit texasattorneygeneral.gov/cpd/disaster-scams.

For more information on the Texas recovery, visit the disaster webpage for the May storms at fema.gov/disaster/4272; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.


(TNS) - A biennial test shows that emergency officials — including some in Northwest Missouri — are ready to work together in the event of a disaster at a southeast Nebraska nuclear power plant.

That was the assessment of federal officials, who spoke during a Thursday morning briefing at the Nebraska Public Power District’s emergency operations center in Auburn, Nebraska.

The test, conducted Tuesday, is intended to probe how well agencies, other organizations and the utility itself would react to a crisis involving the Cooper Nuclear Station — positioned along the Missouri River three miles south of Brownville, Nebraska. NPPD owns and operates the plant, and representatives also attended Thursday’s briefing.



Tiered storage is the process of assigning progressively less-expensive storage categories to progressively less-valuable data. It’s up to IT to classify storage tiers using a matrix of performance, price (Capex and Opex), storage capacity and data services. Classifying data priority is not entirely up to IT. Within the same storage system, automated tiering functions will classify data by features like I/O patterns and move it accordingly within the storage system’s internal storage tiers.

However, IT will need to assign data priority by business need in order to migrate data effectively throughout the storage infrastructure, ultimately landing in highly cost-effective cold storage. Different companies will assign different data priorities according to their business and compliance needs.

Aging is the most common metadata for demoting data to less expensive storage, but other factors may affect the outcome. For example, IT may progressively demote aging data and eventually add it to cold storage on tape or cloud. But some aging data may reside long-term on SATA on-premises storage because it is subject to regular information audits.



While hurricanes are notoriously unpredictable, scientific advancements allow unprecedented insight into what to expect as a storm season approaches. The bad news? 2016 is anticipated to be a doozy, according to a just-released report from The Weather Company. Let’s take a closer look at what weather experts say lies ahead, along with tips for overcoming this less-than-sunny outlook.

Putting the Hurricanes in Hurricane Season

What’s headed our way, according to The Weather Company forecast? Approximately 14 named storms, eight hurricanes, and three major (Category 3 or stronger) hurricanes will comprise the 2016 Atlantic hurricane season.

If this sounds like a lot, that’s because it is: The 30-year historical average consists of 12 named storms, six hurricanes, and three major hurricanes. The Weather Company’s most recent outlook also outpaces predictions from earlier this spring, including one from Colorado State University (CSU) which anticipated 13 named storms, six hurricanes, and two major hurricanes.



Only a few years ago, business continuity was considered the gold standard of crisis response: If an organization was able to continue operation following an emergency situation, it was considered well-prepared for potential threats. However, today many organizations aim to go beyond business continuity to achieve operational resilience—to not only come back from a crisis, but to continue day-to-day operation with minimal changes to the business.

Resiliency refers to the capacity for a company to thrive, despite the inevitable challenges that it will face over time. IBM has defined operational resilience as “the ability of an organization’s business operations to rapidly adapt and respond to internal or external dynamic changes—[including] opportunities, demands, disruptions or threats—and continue operations with limited impact to the business.” This includes crises such as severe weather, unplanned IT outages, violent incidents, public relations gaffes and everything in between.

Many organizations are not effectively prepared for potential crises. And when one does hit, they struggle to get back up and running. In a 2014 survey, nearly 25 percent of organizations lost critical applications or files for multiple days following a crisis, and 20 percent of companies reported post-incident losses ranging from $50,000 to $5 million. This is not true operational resiliency.



When employees leave a company and take sensitive data with them, intentionally or not, the repercussions can be massive. In February of this year, an employee leaving the FDIC exposed 44,000 FDIC customers’ personal information when she downloaded the data to her personal storage device. Later the same month, a former employee of UK regulator Ofcom offered his new employer as much as six years of sensitive data provided to the regulator by television companies.

A recent survey of 400 employees by Veriato, a provider of employee monitoring software, found that a third of respondents believe they own or share ownership of the corporate data they work on; more than half feel it's acceptable to take corporate data with them when they leave a job.

"The potential damage from even one employee taking confidential and proprietary customer data, software code or login credentials with them to a new job, especially with a competitor, is astronomical," Veriato COO Mike Tierney said at the time.

So what should companies do to prevent such potentially serious damage?