Industry Hot News

Is there a case for blockchain in your organization? Cutter Business Technology Journal contributing authors Steven Kursh and Arthur Schnure recently argued that companies should begin considering which parts of their organization might benefit from blockchain. Among their advice to CIOs and CTOs is to look for areas of friction when it comes to exchange of value or information that would benefit from a blockchain implementation and profit from a shared ledger system.

Write Kursh and Schnure, “Take a page from IBM, which announced in July 2016 that it plans to implement a solution to help its finance division resolve client and partner disputes. IBM believes the new system — one of the largest commercial rollouts of blockchain technology yet — will free up US $100 million in capital locked up in manual dispute resolutions. The company is beginning its journey to blockchain in a sector of its business where the benefits are real, yet the implementation is localized.”

“In the long run,” they continue, “blockchain technologies have the ability to enable cost savings, greater efficiency, more rapid transaction clearing, and greater cybersecurity. However, the development and implementation costs at this stage are likely quite substantial. In addition, the greater energy requirements for a large-scale blockchain may be cost-prohibitive. Developing and implementing blockchain technologies in your organization will require resources and time. And as with most innovations, people and processes will need to change, potentially creating internal conflicts.

...

http://blog.cutter.com/2017/03/28/building-the-case-for-blockchain-in-your-organization/

According to a recent Kaspersky Lab report, attackers who demand a ransom in return for not launching a DDoS attack (or to call off an attack in progress) can earn thousands of dollars in bitcoins, enabling the profitability of such attacks to exceed 95 percent.

"And the fact that the owners of online sites are often willing to pay a ransom without even checking whether the attackers can actually carry out an attack (something that other fraudsters have already picked up on) adds even more fuel to the fire," the report notes.

DDoS attacks, according to the report, can cost anywhere from $5 for a 300-second attack to $400 for a 24-hour attack.

...

http://www.esecurityplanet.com/network-security/cybercriminals-see-95-percent-profit-from-ddos-attacks.html

While data backup and replication have their similarities, they are not the same, and rather than competing with one another can be used as complementary tools to maximise the efficiency of an IT environment.

Data backup is the process of taking a copy of data at a fixed point in time and storing it for a set time frame (retention) in an alternate location to its original source.

Backups are typically used to make sure regulations and compliance around data protection are being met, and to protect against data loss.

...

https://www.redstor.com/en-gb/news/back-basics-differences-between-backup-and-replication/

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Gut feelings are nonetheless only as good as judgement and the experience used to make them. They may therefore be wrong, for any number of reasons, including incomplete information, personal prejudice, and faulty reasoning. In business continuity, as in other domains, organisations cannot afford to run on gut feelings when the risk of error is too high. But are data-driven decisions on business continuity a better option?

Business analytics are often suggested as the “cure” for gut feeling.

Instead of trying to deal with emotions or personal preferences, the idea is to use facts as the basis for decision.

...

http://www.opscentre.com/business-continuity-gut-feeling-data-driven-decisions/

As I’ve said many times, cybersecurity seems to be more about reacting than acting or being proactive. Now, a new study by 1E found that, in fact, IT professionals spend a third of their time reacting to emergencies.

Nearly 30 percent of the IT tasks are unplanned, which works out to be about 14 weeks of job time per year. More than half of the respondents admit that a problem that is found relatively quickly (within an hour) can take most of the day to resolve.

While this study looks at IT as a whole, it fits into the scope of security, as well. Think of the amount of downtime that is caused by a security incident and how long it takes you to get the company up and running properly again, or how long it takes to resolve that incident. Then ask yourself if you were prepared to address the security incident. Again, I think the formal statement that Sumir Karayi, founder and CEO of 1E, made is as applicable for security as well as overall IT functions:

We knew that IT teams spend a lot of time on unplanned incidents, but we didn’t think it was this high – one third of their time. That’s taking a huge toll on their ability to innovate.

...

http://www.itbusinessedge.com/blogs/data-security/why-your-business-must-be-prepared-for-security-incidents.html

More than 30,000 people in low-lying coastal areas have been urged to evacuate their homes ahead of powerful Cyclone Debbie, as it bears down on the Queensland coast in northeastern Australia.

With landfall expected early Tuesday, Cyclone Debbie is currently a Category 4 storm and could intensify to Category 5. A Category 4 storm on the Australian scale equates to wind gusts of more than 140 miles per hour, the New York Times said.

Storm surge poses the biggest threat as the cyclone strengthens, according to major weather forecasters and news outlets.

...

http://www.iii.org/insuranceindustryblog/?p=4885

We have been a fan of the Incident Command System (ICS) since the 1990s. It was created in my fair state – California – to manage wildfires. Everyone realized early on, it had many more uses than just the fire service. It is now required for all city, county, state and federal departments and agencies. What about a company?

Many companies fail to have a great Crisis Management Team because they lack four simple things. Are you developing or retooling the team you have? Then you should consider using ICS.

On Wednesday, March 29, I will be doing a general session at DRJ in Orlando with one of our clients, Salt River Project (SRP), who have embraced ICS. We will both be speaking so you will learn from the “horse’s mouth” how SRP reorganized their team and the results.

The goal of this presentation is to help you create both a great team and a great process in order to manage incidents large and small. There are four key things that we often find missing in company teams and plans:

  1. A clearly defined structure
  2. Identified roles and responsibilities
  3. A formal assessment process and team
  4. The ability or knowledge to develop an Incident Action Plan (IAP)

You will learn how SRP has embraced the Incident Command System, refocusing their Crisis Management Team and their processes to be even more effective.

Topics Covered

  • Incident Command System – a powerful methodology.
  • Crisis Management Teams – Roles and responsibilities.
  • Initial Assessment Team – Who should be on the team.
  • Incident Action Plan (IAP) – How to write one.

Speakers

  • Regina Phelps, EMS Solutions Inc.
  • Kenneth Lewis, Salt River Project, Principal Emergency Management Program Analyst

http://www.drj.com/springworld/index.php/event-program/general-sessions

You lock your home—now lock your network. This means having a reliable and secure data center and following basic safety rules, like locking down ports, shutting off services, removing rights and privileges when no longer justified, and using firewalls. You’ll also need host and network intrusion detection and prevention (IDS/IPS) as well as physical access controls such as badge, PIN pad and biometrics etc., to ensure you let only the right traffic and the right people in.

The best way to keep a secret is to encrypt it. But what to encrypt? Encryption can occur at many layers—the network, the physical disk drive, the database, or individual fields. All encryption is not the same; algorithms have different key lengths, some are slower in performance than others and some have been compromised through the ages. Be aware, and keep current with encryption techniques.

At the application layer, strong authentication is key. Create a process for good passwords and keep it simple so people will use it, but make it strong to keep the bad guys out. Passphrases, account ID images and challenge questions are other techniques. A simple technique to use for challenge questions is to not respond with the answer to the question being asked. If the question is “What is your mother’s middle name” use a word like “chair” or “fish.” These red herring responses cannot be traced back to your Facebook or other social accounts.

...

http://www.mir3.com/cybersecurity-principle-locked-door/

A man drives a car into pedestrians on Westminster Bridge, keeps driving, crashes the car outside the Houses of Parliament, then tries to enter the complex armed with a knife. Four people are dead, including a policeman and the assailant, and at least 40 injured.

The investigation into yesterday’s terrorist attack in the heart of London is ongoing, as Westminster bridge reopens and Parliament gets back to work.

Small group and “lone wolf” terrorist attacks are seen as indicative of the shifting nature of terrorism, according to experts.

...

http://www.iii.org/insuranceindustryblog/?p=4875

Monday, 27 March 2017 20:38

Crowds in Crises

Back in 2015 the world was captivated by the Universal film “Jurassic World”. Viewers praised Chris Pratt’s performance in this science fiction thriller, but were more entertained by a different kind of hero. During a pterosaur attack causing resort guests to push, shove, and trample each other as they flee, a man is spotted grabbing two margaritas before seeking his own safety…or the safety of the second margarita’s owner. #priorities

Movies typically depict a crowd’s response to an emergency or disaster scenario as emotionally driven, almost irrationally selfish. It’s widely assumed that as mass hysteria and panic take hold of a crowd, people do whatever they can to better serve themselves. But does this actually occur off the screens? Are we really all the margarita man?

Social psychology says no. Research dating back as far as the 1950s shows that behavior in disaster response is generally pro-social and collaboratively altruistic. History backs this theory up.

...

http://www.bcinthecloud.com/2017/03/crowds-in-crisis/
