We publish weekly updates from the business continuity world, covering recent news items or reflecting on our travels and experiences with clients.
Charlie addresses topics from a Business Continuity perspective and you might be surprised how much of today’s news relates to BC! Providing valuable insight, Charlie raises critical questions which will surely encourage you to reconsider your Business Continuity plans.
In today’s bulletin, Charlie discusses the cyber incident on the Polish Grid last December, and gives an insight into the similarities to recent attacks in Ukraine. I have wanted to research and write about this event for some time, and this week seems ideal. Aside from the attacks on the Ukrainian Grid in 2015 and 2016, this is
In today’s bulletin, Charlie discusses how to manage a cyber attack involving a supplier and explains the importance of planning for a potential issue. This week I was on site with a client. On Monday we conducted a half-day training session for their Silver Team and then their Gold Team, while on Tuesday, led by our consultant Stuart,
In today’s bulletin, Charlie gives an insight into the latest trends in ransomware data and how this has changed in the last few years. It has been three years since I published a bulletin on the facts and figures of cyber ransomware attacks, and I thought I would look at what the latest data says, especially around: The percentage of
In today’s bulletin, Charlie looks at the ways in which cyber attackers and cyber attack defenders are using AI, and how AI can support their goals. I recently discovered that, in a couple of weeks, I was due to be in two places at once – umpiring a large client exercise and delivering a talk entitled “How Hackers
In today’s bulletin, Charlie discusses Comhairle nan Eilean Siar’s cyber attack back in 2023 and gives an insight into ways organisations can aid recovery after a cyber incident. This week, as some of you may have seen on LinkedIn, I have been in Stornoway on the Isle of Lewis, speaking to the Council about their cyber attack. They
In today’s bulletin, Charlie discusses the recent findings from Check Point’s State of Cyber Security Report and gives an idea of the takeaways from the report. This week, I have been teaching my two-day cyber course, and I felt inspired to write something on cyber. While browsing the internet, I came across Check Point’s report on ‘The State
In the latest bulletin, Charlie discusses the introduction of learning theories in exercising and looks into why these theories are useful when conducting an exercise.
In today’s bulletin, Charlie looks at some factors which are leading to a global increase in incidents and he gives advice on how we can prepare for these incidents. This week I thought I would share some thoughts I have had for a while on why I believe we are going to see an increase in incidents over
This week, Charlie gives advice on how schools and trusts can prepare for cyber incidents and provides a useful checklist of considerations. In last week’s bulletin, I wrote about ‘Business Continuity Planning in Schools’. Once the bulletin had gone out, it occurred to me that I hadn’t mentioned anything about cyber, so I thought this week I would
In this week’s bulletin, Charlie investigates the newest AI-driven scams and examines the advantages and disadvantages of AI in the online world with the help of Google Gemini. This week, I was the allocated tutor for the BCT Certificate in Cyber Incident Management Course. This is the first time in a year and a half, so I was quite
In this week’s bulletin, Charlie discusses the pros and cons of paying a ransom and provides us with some advice about how we can be more resilient when faced with a ransomware threat. This week, I conducted a cyber exercise with a Housing Association, and I have another upcoming exercise with a senior management team. One of the
To kick start BCI’s Business Continuity Awareness Week, Jamie Lees, Consultant here at PlanB Consulting, writes about todays topic, Cyber Resilience. Quantum Computing and its Implications for Cyber Resilience In today’s world, the use of encryption to secure digital assets has become commonplace. However, as technology continues to advance, encryption methods that were once thought to be virtually
In this week’s bulletin, Charlie covers the important use of RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives) in response to a cyber-attack. This week, I have been teaching a Cyber Incident Management course in Frankfurt. One of the discussions was whether the RTOs and RPOs we capture in the BIA (Business Impact Analysis) are suitable and
This is part 2 of last week’s bulletin, discussing the dire impacts of a cyber attack on healthcare services. Communications Communications are incredibly important in a healthcare setting, especially as they are looking after many patients. Any incident, changes, or location swap affecting the patients must be rapidly communicated to the patient’s loved ones or next of kin.
After conducting cyber incident exercises in a hospital this week, Charlie is sharing his key take aways and research, looking specifically at healthcare organisations. Earlier this week at PlanB Consulting, my colleagues and I wrote and then delivered two exercises for a hospital in the UK. We delivered the first exercise for the Gold Team in the morning
With the news today of Russian troops moving into the regions of Luhansk and Donetsk I thought I would share some thoughts with readers of the PlanB Consulting newsletter, on some risks to consider and to plan for. The risk to consider are:1. If you still have employees in the region, have you planned to evacuate them safely
A deep dive into the Amedia AS cyber hack which occurred over the holiday period. Charlie discusses in-depth all the important lessons to take away from how Amedia AS dealt with the hack. For the beginning of the year, I thought I may start off with a fluffy article about what your business continuity New Year’s resolutions should
Charlie lists the key points that you can learn, from the SEPA cyber-attack that occurred last year. He discusses what is important and how to ask yourself these questions to make sure you and your organisation are always prepared. Keen readers of the bulletin will remember when I wrote a number of bulletins commenting on the SEPA cyber-attack
We are pleased to announce that we have been shortlisted in the ‘Best Cyber Breakthrough’ category for the 2021 Scottish Cyber Awards. Organised by The Scottish Business Resilience Centre (SBRC) and now in its fifth year, the awards recognise and celebrate stand-out individuals and organisations making a positive impact in Scotland’s cyber security sector. Jude McCorry, CEO of
Charlie looks at the lessons you need to take away from a low-level cyber attack. I am going to leave the New York flooding, storm and the hurricane in Louisiana for another day and just write a short piece on this incident I came across on phishing emails. More details on the incident can be found here > The
As podcasts are becoming the new ‘thing’, Charlie shares his three favourites. Keep up-to-date with business continuity by listening to these incredibly interesting and thought-provoking podcasts. As many of you may have plans to go on holiday soon, I thought I would share three cyber podcasts I really enjoy listening to regarding business continuity. I highly advise you
The Kaseya cyber-attack has been in the news for the last few days and I thought this was an opportunity not to look at the detail of the attack itself but to look at the issue of supply chain cyber attacks. Supply chain cyber attacks are where criminals target software vendors or IT services companies in order to
This week, Charlie discusses the effects a cyber attack can have on an organisation’s process control and SCADA systems. For the last three weeks, I have been working for a power and water company in the Caribbean with my wife, Kim. We delivered a programme to improve their response to a wide range of incidents and started by
This week I discuss the issues associated with communications after a cyber-attack, and how to develop a plan that will make a huge difference in an organisation’s ability to survive and keep their reputation after a data breach. To be able to cover multiple time zones, yesterday I was up at seven o’clock for a cyber exercise with
Updated 29 May 2021 This week I talk about costs that are often overlooked when dealing with ransomware attacks. I am signed up to many newsletters and Google alerts on cyber incidents, and I never cease to be amazed by the sheer number of organisations that have ransomware attacks. I did my PhD in Emergency Planning and Disaster Management
This week, I talk about the issues associated with the fire in the OVH cloud data centre and how ‘putting your IT in the cloud’ is not a risk-free solution. Working from home: Is your business continuity problem solved? There seemed to be a moment sometime last year, when many issues associated with business continuity were solved, and
This week I discuss credential stuffing, a type of cyber attack which you should be looking out for! “The irony of credential stuffing is that organisations that have not suffered a direct data breach often become indirect victims when their users’ accounts are compromised due to someone else’s data breach” Debbie Walkowski, F5 Labs. Look after your passwords I
This week I look at the risk of a cyber-attack and the importance of reviewing your vulnerability to water, wastewater and electricity loss. Cyber attack on the water treatment plant in Oldsmar, Florida One of the big news stories from the last couple of weeks has been the hacking of the water treatment plant in Oldsmar, Florida on the 5th
The SUNBURST hack in 2020 of the SolarWinds Orion Software showed that any organisation could be vulnerable to a cyber breach. The hack compromised 18,000 of the organisation’s systems’ including many USA Government organisations. No matter how well prepared an organisation is, there is always a risk, so the key is to prepare your response as well. Large organisations like Equifax, Marriot and Travelex have demonstrated the
Update 29th January 2021 The Yin and Yang of a SEPA’s Cyber Incident Response On Christmas Eve, the Scottish Environment Protection Agency was hacked and many of their systems were taken offline, including their emails, and they are yet to recover them. They have also said that they lost 1.2 GB of data “this is equivalent to a small fraction
This week I share some key learning points on ransomware negotiation. This week I am going to share with you what I learned from speaking to Mike Fowler, VP of Intelligence Services at GroupSense, a specialist cyber response company. One of the services they offer is ransomware negotiation and I thought in this bulletin I would share what a ransomware
This week I discuss the possible benefits of paying a cyber ransom and whether this is illegal. Legality I thought this week I would do a bit of research on a subject that has intrigued me for a while, which is the legality of paying cyber ransoms. In news articles about firms who have been a victim of ransomware, there
This week I look at doxing, the different ways it can affect your organisation and how you should prepare. Should I be worried about it? The short answer is yes. The long answer is also yes, but after seeing the word in a cyber article I was reading this week, I thought I would do a little more research
This week I look at at the recent cyber incident involving New Zealand’s Stock Exchange and marks their response out of 100. I thought this week I would write about an incident which I have been following for the last month, the Distributed Denial of Service (DDoS) attack on the New Zealand stock exchange, which took place at the