Jon Seals

Wednesday, 06 July 2016 00:00

Cyber Criminals attack on Third Parties

When enterprises such as health insurance providers and supermarket chains hold millions of customer names together with social security numbers or credit card details, they become preferred targets for hackers.

One successful attack can garner huge amounts of valuable data, and beats launching millions of attacks at one end-customer per attack (even if that were possible).

The same holds true when the customers are businesses rather than private individuals. If you have not yet asked your third-party service suppliers the following information security questions, now is the time.

Third party suppliers can hold a surprisingly large amount of information about businesses like yours, and about your customers too.

...

http://www.opscentre.com/cyber-criminals-attack-third-party/

In a new Radware survey, 84 percent of US and UK information technology executives at companies that had not faced ransom attacks said they would never pay a ransom; however, 43 percent of respondents from companies that had been attacked said that ransoms had been paid. This is one of the findings from Radware’s 2016 Executive Application & Network Security Survey. Radware polled more than 200 IT executives across the US and UK for the study.

The study found that US companies were far more willing to admit that they would pay a ransom. Among US firms that had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to 9 percent in the UK.

Companies that paid ransoms reported an average of $7,500 in the US and £22,000 in the UK.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” said Carl Herberger, Radware’s Vice President of Security Solutions. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

In addition to the responses to ransom attacks, the survey also found that companies see work-from-home arrangements as an increasing risk. The survey found a big jump in changes to telecommuting policies, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

...

http://www.continuitycentral.com/index.php/news/technology/1233-how-often-do-organizations-pay-attackers-after-ransom-attacks

Tuesday, 05 July 2016 00:00

The Importance of Executive Sponsorship

The most commonly cited obstacle to Business Continuity (BC)/Disaster Recovery (DR) program success is a lack of management support, and this is for good reason. New and non-established BC Management (BCM) programs have to overcome serious inertia in order to succeed.

Full-Time Equivalents

Business continuity is not a core competency of most organizations and few employ a full-time team of BCM professionals. According to the 2014 CI/KPMG benchmarking survey, the majority of organizations have between 0 and 2 FTEs dedicated to primary BC/DR functions:

...

http://www.missionmode.com/importance-executive-sponsorship/

When natural disasters strike, news stories frequently cover damage to homes and consumers, but businesses often experience greater losses, ranging from physical destruction to downtime. A key element for firms to survive in a disaster scenario is the development and deployment of a strong business continuity (BC) plan.

Evolve IP, a cloud services company based in Wayne, Pennsylvania, warns that now is not the time for businesses to become complacent about their business continuity plans because of the historical patterns of two related events: El Niño and La Niña. Both of these conditions occur when the Pacific Ocean and the atmosphere sustain significant temperature changes.

The most recent El Niño season was the worst in two decades, causing billions of dollars in damages and losses. But now comes La Niña. The last significant La Niña was tied to record winter U.S. snowfall, spring flooding across the country, and drought conditions in the south and Midwest. The National Oceanic and Atmospheric Administration (NOAA) says there is a 75 percent chance that La Niña will be in place by the fall and potentially last up to three years. This one could result in larger hurricanes making U.S. landfall; that would have a significant impact on hundreds of thousands of businesses.

...

http://www.itbusinessedge.com/blogs/smb-tech/la-nina-could-be-the-next-big-threat-to-business-continuity.html

(TNS) -- When a glitch in phone company systems left Baltimore without 911 service for over an hour last week, The Baltimore Sun wanted to know how often such outages occur.

Public records made it clear that the outage wasn't unique, but much of the information about problems with 911 is confidential, making it difficult to figure out just how often the emergency phone system is out of action. The secrecy highlights the 911 system's strange role as a critical lifeline to police and fire departments, but one that is almost entirely run by private companies.

The Federal Communications Commission requires phone companies to submit reports about outages that affect a large number of people or that last for a long time. But the agency doesn't release the reports because they could contain proprietary information about how the companies set up their networks. When the Government Accountability Office investigated outages in 2015, it didn't even bother to look at the reports. Investigators wrote in a footnote that they saw no point in reviewing data they couldn't talk about publicly.

...

http://www.emergencymgmt.com/next-gen-911/Outage-Service-Secrecy.html