We publish weekly updates from the business continuity world, covering recent news items or reflecting on our travels and experiences with clients.
Charlie addresses topics from a Business Continuity perspective and you might be surprised how much of today’s news relates to BC! Providing valuable insight, Charlie raises critical questions which will surely encourage you to reconsider your Business Continuity plans.
In this week’s bulletin, Charlie gives an insight into how the event went and discusses the main business continuity themes throughout the conference. This week, I have been at the BCI World Hybrid Event in London, and I thought I would share what I thought of the event and also what it says about the state of business
In this week’s bulletin, Charlie discusses the future of AI within the business continuity industry, with a particular focus on Business Impact Analysis and how it has the potential to revolutionise business continuity processes. Over the last couple of weeks, whenever I’ve been in the car, I’ve been listening to the BBC Sounds podcast The Coming Storm. It
In this week’s bulletin, Charlie discusses the impact of the role of nation-states in cyber attacks and looks at some of the attacks we have seen in the UK recently. On the 8th of October 2024, MI5 Director General Ken McCallum gave a speech on the threats to the UK, covering the counter-terrorism threat and state threats from
In today’s bulletin, Charlie looks at the recent collapse of ISG and gives an insight into what we can learn about supply chain management. Nick Sims of Cornwood Consulting inspired this bulletin, by sharing recent insights into supply chain issues at Aston Martin. He mentioned, “In a strategic adjustment, Aston Martin announced it would reduce its 2024 production
In this week’s bulletin, Charlie looks at the pros and cons of SIMEX (Simulation Exercise) and gives an insight into his experience running a live SIMEX. About three weeks ago, I planned, ran, and reported on the biggest SIMEX I have ever conducted in my whole career. It was a ‘no notice’ exercise, meaning the organisation was not
In this week’s bulletin, Charlie discusses the BCI’s CBCI Certification course and how it has changed from when it was first developed, and discusses his recent experience teaching a classroom CBCI course in Glasgow. You aren’t meant to forget your first time, but I can’t remember the first time I taught the Business Continuity Institute’s (BCI) CBCI training
In today’s bulletin, Charlie follows up from last week’s bulletin on no-notice exercises and shares some of his experiences of his recent live exercise. On Wednesday, PlanB Consulting conducted the biggest exercise we have ever planned and delivered. It was a no-notice exercise involving five different teams responding to a cyber incident. As per last week’s bulletin, I
In this week’s bulletin, Charlie discusses the importance of no-notice exercises and the importance of planning in an exercise. Shortly, I will conduct the largest exercise I have ever carried out. It is a live exercise involving five different teams responding to a cyber incident. The exercise will involve a full role-playing cell, with role players from both
In today’s bulletin, Charlie looks at some factors which are leading to a global increase in incidents and he gives advice on how we can prepare for these incidents. This week I thought I would share some thoughts I have had for a while on why I believe we are going to see an increase in incidents over
In this week’s bulletin, Charlie discusses the recent riots that have taken place across the UK and looks at the effects that spreading disinformation can cause. According to the BBC, the police are on standby for possible further unrest over this weekend, so I thought I would discuss what we can learn about the importance of disinformation, as
In this week’s bulletin, Charlie discusses the recent CrowdStrike outage and discusses the thoughts that other consultants have had on the incident. When I heard about the CrowdStrike incident, I was in the middle of the kingdom of Fife with my daughter picking up her new puppy. Desperate for the latest, I had her going through BBC Sounds
In this week’s bulletin, Charlie gives an insight into the points that should be addressed within a business continuity plan and the importance of including cyber within the plan. When I am teaching cyber incident management, I always talk about four areas which need to be addressed when responding to a ransomware incident. They are: communications and regulation
In this week’s bulletin Charlie highlights the key learnings from the RUSI Report. As a teacher of cyber incident management, I quite rarely get to hear first-hand about cyber incidents, and case studies are quite rare. The public sector has done a few, including SEPA, the London Library, and Gloucestershire City Council, but overall, information from the private
In this week’s bulletin, Charlie discusses the recent NHS cyber attack and what lesssons we can learn from what happened. Last week I was keen to write a bulletin on the above subject, but I ran out of time. This week I was determined to get it written and out to bulletin readers. The incident is one of
In this week’s bulletin, Charlie continues his bulletin from 2022 on whether cyber attacks have killed people, and looks at the impacts of a cyber attack in the healthcare sector. In August 2022, I wrote the following bulletin ‘Have Cyber Attacks Killed People’ which looked at possible incidents which might have caused deaths. It looked at direct attacks such as
In this week’s bulletin, Charlie looks at different news platforms and gives his experience of comments left on LinkedIn for recent D-Day tributes. To date, I have contentiously avoided getting TikTok on my phone. Not for any moral reason, but as my youngest daughter Phoebe said, “Daddy, you will enjoy it too much.”. I can lose the odd
In this week’s bulletin, Charlie discusses the role of a leader in a crisis team and looks at some of the key things to consider when choosing a leader. I went to an interesting and informative webinar this week titled ‘How to Lead Effectively in a Crisis‘, with Jonathan Hemus asking the questions and Sean Cunningham, Group Crisis
In this week’s bulletin, Charlie looks at the role of MSPs in a cyber incident and gives an insight into how they can work with organisations to be prepared for a potential incident. In a couple of weeks, I am doing a presentation at a ScotlandIS event in Glasgow which will be attended by MSPs, so I thought
In this week’s bulletin, Charlie discusses what is covered in basic and advanced cyber exercises and looks at why organisations should consider running more sophisticated exercises. As cyber attacks continue apace – and having ran a sophisticated cyber exercise on Tuesday – I thought for this week’s bulletin, I would share some thoughts on ‘exercising beyond the basics’.
This week, Charlie gives advice on how schools and trusts can prepare for cyber incidents and provides a useful checklist of considerations. In last week’s bulletin, I wrote about ‘Business Continuity Planning in Schools’. Once the bulletin had gone out, it occurred to me that I hadn’t mentioned anything about cyber, so I thought this week I would
In this week’s bulletin, Charlie gives an insight into Gloucester City Council’s cyber attack that took place late last year and discusses what we can learn from the incident. The above report was published in December 2023, and I have just got around to reading it. I thought that, after looking at the British Library’s cyber attack report
In this week’s bulletin, Charlie looks into the cyber attack on the British Library and discusses what organisations can take away from the attack. It’s difficult to extract lessons learned from cyber response when you are not the responder. Most organisations don’t like to share their lessons, or when they do, they mainly do so behind closed doors.
In this week’s bulletin, Charlie investigates the newest AI-driven scams and examines the advantages and disadvantages of AI in the online world with the help of Google Gemini. This week, I was the allocated tutor for the BCT Certificate in Cyber Incident Management Course. This is the first time in a year and a half, so I was quite
In this week’s bulletin, Charlie discusses the pros and cons of paying a ransom and provides us with some advice about how we can be more resilient when faced with a ransomware threat. This week, I conducted a cyber exercise with a Housing Association, and I have another upcoming exercise with a senior management team. One of the
In this week’s bulletin, Charlie covers the important use of RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives) in response to a cyber-attack. This week, I have been teaching a Cyber Incident Management course in Frankfurt. One of the discussions was whether the RTOs and RPOs we capture in the BIA (Business Impact Analysis) are suitable and
With the news today of Russian troops moving into the regions of Luhansk and Donetsk I thought I would share some thoughts with readers of the PlanB Consulting newsletter, on some risks to consider and to plan for. The risk to consider are:1. If you still have employees in the region, have you planned to evacuate them safely
A deep dive into the Amedia AS cyber hack which occurred over the holiday period. Charlie discusses in-depth all the important lessons to take away from how Amedia AS dealt with the hack. For the beginning of the year, I thought I may start off with a fluffy article about what your business continuity New Year’s resolutions should
Charlie lists the key points that you can learn, from the SEPA cyber-attack that occurred last year. He discusses what is important and how to ask yourself these questions to make sure you and your organisation are always prepared. Keen readers of the bulletin will remember when I wrote a number of bulletins commenting on the SEPA cyber-attack
We are pleased to announce that we have been shortlisted in the ‘Best Cyber Breakthrough’ category for the 2021 Scottish Cyber Awards. Organised by The Scottish Business Resilience Centre (SBRC) and now in its fifth year, the awards recognise and celebrate stand-out individuals and organisations making a positive impact in Scotland’s cyber security sector. Jude McCorry, CEO of
Charlie looks at the lessons you need to take away from a low-level cyber attack. I am going to leave the New York flooding, storm and the hurricane in Louisiana for another day and just write a short piece on this incident I came across on phishing emails. More details on the incident can be found here > The
As podcasts are becoming the new ‘thing’, Charlie shares his three favourites. Keep up-to-date with business continuity by listening to these incredibly interesting and thought-provoking podcasts. As many of you may have plans to go on holiday soon, I thought I would share three cyber podcasts I really enjoy listening to regarding business continuity. I highly advise you
The Kaseya cyber-attack has been in the news for the last few days and I thought this was an opportunity not to look at the detail of the attack itself but to look at the issue of supply chain cyber attacks. Supply chain cyber attacks are where criminals target software vendors or IT services companies in order to
This week, Charlie discusses the effects a cyber attack can have on an organisation’s process control and SCADA systems. For the last three weeks, I have been working for a power and water company in the Caribbean with my wife, Kim. We delivered a programme to improve their response to a wide range of incidents and started by
Updated 29 May 2021 This week I talk about costs that are often overlooked when dealing with ransomware attacks. I am signed up to many newsletters and Google alerts on cyber incidents, and I never cease to be amazed by the sheer number of organisations that have ransomware attacks. I did my PhD in Emergency Planning and Disaster Management
This week I discuss the issues associated with communications after a cyber-attack, and how to develop a plan that will make a huge difference in an organisation’s ability to survive and keep their reputation after a data breach. To be able to cover multiple time zones, yesterday I was up at seven o’clock for a cyber exercise with
This week, I talk about the issues associated with the fire in the OVH cloud data centre and how ‘putting your IT in the cloud’ is not a risk-free solution. Working from home: Is your business continuity problem solved? There seemed to be a moment sometime last year, when many issues associated with business continuity were solved, and
This week I discuss credential stuffing, a type of cyber attack which you should be looking out for! “The irony of credential stuffing is that organisations that have not suffered a direct data breach often become indirect victims when their users’ accounts are compromised due to someone else’s data breach” Debbie Walkowski, F5 Labs. Look after your passwords I
This week I look at the risk of a cyber-attack and the importance of reviewing your vulnerability to water, wastewater and electricity loss. Cyber attack on the water treatment plant in Oldsmar, Florida One of the big news stories from the last couple of weeks has been the hacking of the water treatment plant in Oldsmar, Florida on the 5th
The SUNBURST hack in 2020 of the SolarWinds Orion Software showed that any organisation could be vulnerable to a cyber breach. The hack compromised 18,000 of the organisation’s systems’ including many USA Government organisations. No matter how well prepared an organisation is, there is always a risk, so the key is to prepare your response as well. Large organisations like Equifax, Marriot and Travelex have demonstrated the
Update 29th January 2021 The Yin and Yang of a SEPA’s Cyber Incident Response On Christmas Eve, the Scottish Environment Protection Agency was hacked and many of their systems were taken offline, including their emails, and they are yet to recover them. They have also said that they lost 1.2 GB of data “this is equivalent to a small fraction
This week I share some key learning points on ransomware negotiation. This week I am going to share with you what I learned from speaking to Mike Fowler, VP of Intelligence Services at GroupSense, a specialist cyber response company. One of the services they offer is ransomware negotiation and I thought in this bulletin I would share what a ransomware
This week I discuss the possible benefits of paying a cyber ransom and whether this is illegal. Legality I thought this week I would do a bit of research on a subject that has intrigued me for a while, which is the legality of paying cyber ransoms. In news articles about firms who have been a victim of ransomware, there
This week I look at doxing, the different ways it can affect your organisation and how you should prepare. Should I be worried about it? The short answer is yes. The long answer is also yes, but after seeing the word in a cyber article I was reading this week, I thought I would do a little more research
This week I look at at the recent cyber incident involving New Zealand’s Stock Exchange and marks their response out of 100. I thought this week I would write about an incident which I have been following for the last month, the Distributed Denial of Service (DDoS) attack on the New Zealand stock exchange, which took place at the