+44 (0)2039 098573


Knowledge Zone

Here you will find articles, archive blogs and case studies that PlanB have used or created over the years. To find information please type a keyword into the search box or click on the relevant tag.

We publish weekly updates from the business continuity world, covering recent news items or reflecting on our travels and experiences with clients.

Charlie addresses topics from a Business Continuity perspective and you might be surprised how much of today’s news relates to BC! Providing valuable insight, Charlie raises critical questions which will surely encourage you to reconsider your Business Continuity plans.

Cyber Incident Management Exercises – Exercising Beyond the Basics

In this week’s bulletin, Charlie discusses what is covered in basic and advanced cyber exercises and looks at why organisations should consider running more sophisticated exercises. As cyber attacks continue apace – and having ran a sophisticated cyber exercise on Tuesday – I thought for this week’s bulletin, I would share some thoughts on ‘exercising beyond the basics’.

A Schools Cyber Incident Response Checklist

This week, Charlie gives advice on how schools and trusts can prepare for cyber incidents and provides a useful checklist of considerations. In last week’s bulletin, I wrote about ‘Business Continuity Planning in Schools’. Once the bulletin had gone out, it occurred to me that I hadn’t mentioned anything about cyber, so I thought this week I would

Notes from The Gloucester City Council Managing a Cyber Attack – Case Study

In this week’s bulletin, Charlie gives an insight into Gloucester City Council’s cyber attack that took place late last year and discusses what we can learn from the incident. The above report was published in December 2023, and I have just got around to reading it. I thought that, after looking at the British Library’s cyber attack report

The British Library Cyber Incident Report – Standard or New Lessons?

In this week’s bulletin, Charlie looks into the cyber attack on the British Library and discusses what organisations can take away from the attack. It’s difficult to extract lessons learned from cyber response when you are not the responder. Most organisations don’t like to share their lessons, or when they do, they mainly do so behind closed doors.

The Positives and Negatives of AI in the Cyberspace

In this week’s bulletin, Charlie investigates the newest AI-driven scams and examines the advantages and disadvantages of AI in the online world with the help of Google Gemini. This week, I was the allocated tutor for the BCT Certificate in Cyber Incident Management Course. This is the first time in a year and a half, so I was quite

Ransomware- Considerations for whether you should pay or not pay a ransom

In this week’s bulletin, Charlie discusses the pros and cons of paying a ransom and provides us with some advice about how we can be more resilient when faced with a ransomware threat. This week, I conducted a cyber exercise with a Housing Association, and I have another upcoming exercise with a senior management team. One of the

Do Application RTOs and RPOs ‘Work’ During a Cyber Incident?

In this week’s bulletin, Charlie covers the important use of RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives) in response to a cyber-attack. This week, I have been teaching a Cyber Incident Management course in Frankfurt. One of the discussions was whether the RTOs and RPOs we capture in the BIA (Business Impact Analysis) are suitable and

9 Risks and an Opportunity in Response to Events in Ukraine

With the news today of Russian troops moving into the regions of Luhansk and Donetsk I thought I would share some thoughts with readers of the PlanB Consulting newsletter, on some risks to consider and to plan for. The risk to consider are:1. If you still have employees in the region, have you planned to evacuate them safely

Learning Points From the SEPA Cyber-Attack

Charlie lists the key points that you can learn, from the SEPA cyber-attack that occurred last year. He discusses what is important and how to ask yourself these questions to make sure you and your organisation are always prepared. Keen readers of the bulletin will remember when I wrote a number of bulletins commenting on the SEPA cyber-attack

PlanB Consulting Finalists for Best Cyber Breakthrough

We are pleased to announce that we have been shortlisted in the ‘Best Cyber Breakthrough’ category for the 2021 Scottish Cyber Awards. Organised by The Scottish Business Resilience Centre (SBRC) and now in its fifth year, the awards recognise and celebrate stand-out individuals and organisations making a positive impact in Scotland’s cyber security sector. Jude McCorry, CEO of

Low-Level Cyber Attacks

Charlie looks at the lessons you need to take away from a low-level cyber attack. I am going to leave the New York flooding, storm and the hurricane in Louisiana for another day and just write a short piece on this incident I came across on phishing emails. More details on the incident can be found here > The

Cyber Podcasts You Need To Listen To!

As podcasts are becoming the new ‘thing’, Charlie shares his three favourites. Keep up-to-date with business continuity by listening to these incredibly interesting and thought-provoking podcasts. As many of you may have plans to go on holiday soon, I thought I would share three cyber podcasts I really enjoy listening to regarding business continuity. I highly advise you

Kaseya Attack: What is a supply chain cyber attack?

The Kaseya cyber-attack has been in the news for the last few days and I thought this was an opportunity not to look at the detail of the attack itself but to look at the issue of supply chain cyber attacks. Supply chain cyber attacks are where criminals target software vendors or IT services companies in order to

Process Controls, SCADA and Cyber Security

This week, Charlie discusses the effects a cyber attack can have on an organisation’s process control and SCADA systems. For the last three weeks, I have been working for a power and water company in the Caribbean with my wife, Kim. We delivered a programme to improve their response to a wide range of incidents and started by

Communications with Stakeholders after a Ransomware Attack

This week I discuss the issues associated with communications after a cyber-attack, and how to develop a plan that will make a huge difference in an organisation’s ability to survive and keep their reputation after a data breach. To be able to cover multiple time zones, yesterday I was up at seven o’clock for a cyber exercise with

The Hidden Costs of Ransomware

Updated 29 May 2021 This week I talk about costs that are often overlooked when dealing with ransomware attacks. I am signed up to many newsletters and Google alerts on cyber incidents, and I never cease to be amazed by the sheer number of organisations that have ransomware attacks. I did my PhD in Emergency Planning and Disaster Management

It’s OK, it’s in the Cloud: Lessons from the OVH Cloud Data Centre Fire

This week, I talk about the issues associated with the fire in the OVH cloud data centre and how ‘putting your IT in the cloud’ is not a risk-free solution. Working from home: Is your business continuity problem solved? There seemed to be a moment sometime last year, when many issues associated with business continuity were solved, and

Credential Stuffing – A different type of cyber attack

This week I discuss credential stuffing, a type of cyber attack which you should be looking out for! “The irony of credential stuffing is that organisations that have not suffered a direct data breach often become indirect victims when their users’ accounts are compromised due to someone else’s data breach” Debbie Walkowski, F5 Labs. Look after your passwords I

Beware of the self-wiggling mouse – Water industry & Cyber

This week I look at the risk of a cyber-attack and the importance of reviewing your vulnerability to water, wastewater and electricity loss. Cyber attack on the water treatment plant in Oldsmar, Florida  One of the big news stories from the last couple of weeks has been the hacking of the water treatment plant in Oldsmar, Florida on the 5th

Cyber Incident Response: A preparation framework

The SUNBURST hack in 2020 of the SolarWinds Orion Software showed that any organisation could be vulnerable to a cyber breach. The hack compromised 18,000 of the organisation’s systems’ including many USA Government organisations. No matter how well prepared an organisation is, there is always a risk, so the key is to prepare your response as well. Large organisations like Equifax, Marriot and Travelex have demonstrated the

The SEPA Cyber Attack a Case Study

Update 29th January 2021 The Yin and Yang of a SEPA’s Cyber Incident Response  On Christmas Eve, the Scottish Environment Protection Agency was hacked and many of their systems were taken offline, including their emails, and they are yet to recover them. They have also said that they lost 1.2 GB of data “this is equivalent to a small fraction

Ransomware attack: Who ya gonna call, Mike?

This week I share some key learning points on ransomware negotiation. This week I am going to share with you what I learned from speaking to Mike Fowler, VP of Intelligence Services at GroupSense, a specialist cyber response company. One of the services they offer is ransomware negotiation and I thought in this bulletin I would share what a ransomware

Cyber Ransoms – Should I Pay?

This week I discuss the possible benefits of paying a cyber ransom and whether this is illegal. Legality I thought this week I would do a bit of research on a subject that has intrigued me for a while, which is the legality of paying cyber ransoms. In news articles about firms who have been a victim of ransomware, there

What is doxing, and should I be worried about it?

This week I look at doxing, the different ways it can affect your organisation and how you should prepare. Should I be worried about it? The short answer is yes. The long answer is also yes, but after seeing the word in a cyber article I was reading this week, I thought I would do a little more research

Marks out of 100 for the NZ Stock Exchange Cyber Incident Response

This week I look at at the recent cyber incident involving New Zealand’s Stock Exchange and marks their response out of 100. I thought this week I would write about an incident which I have been following for the last month, the Distributed Denial of Service (DDoS) attack on the New Zealand stock exchange, which took place at the

Cyber Playbooks – Updated & Revisited

Charlie discusses developing a new kind of playbook which could help you plan for different types of cyber-attack. This week I have had a bit of an epic journey. I started off in Shetland and ended the week in Abu Dhabi, having spent a couple of days in Riyadh, Saudi Arabia. I only visited one company in Saudi,

What lessons can we learn from Marriott’s response to their Cyber Breach?

This week, Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach. You couldn’t have missed the Marriott hotel’s cyber breach and the possible loss of up to 500 million customer records in the news last week. There are a number of lessons we can learn from their response and

Cyber Playbooks Revisited – An Example

This week Charlie revisits cyber playbooks and invites your thoughts on whether his example fits your idea of what they should contain… A while ago, I wrote what I thought were the contents of a cyber playbook, and through my reading I thought I had a consensus of what one should contain. After having delivered a number of cyber public and

What is the difference between a cyber and a “normal” incident?

This week Charlie looks at the ways in which cyber and “normal” incidents are different and why these differences may affect how the incident is managed. Over the last ten days, I have run both a one and a two day Managing and Preparing for Cyber Incidents training course and, as a result, I am in the cyber incident management “zone”. So, this week

10 lessons from the report on the NHS WannaCry cyber attack

This week Charlie reflects on the newly released WannaCry report and outlines key lessons organisations can take from the cyber attack. The National Audit Office investigation into the “WannaCry cyber attack and the NHS” was published this week, so I thought I would share 10 lessons from the report which are relevant to all organisations. 1. In the report, it stated that

A beginner’s guide to cyber security’ webinar

Thank you to Sadia Anwar for delivering this month’s webinar, giving us an insight into cyber security and helping raise awareness, as part of European Cyber Security Month. We hope you all enjoyed the webinar as much as we did. If you missed the webinar, you can view the recording by clicking on the YouTube video below. Details about our next webinar will be released in due

Cyber Incident Management Training – 10 Lessons Learned

This week Charlie looks at the lessons learned during our first Managing and Preparing for Cyber Incidents course. Yesterday, I ran Managing and Preparing for Cyber Incidents for the first time and I thought I would share ten lessons that were learned during the training. 1. When you have decisions to make that involve 2-3 different potential outcomes, it might be a good

What is a playbook and do you need one?

What is a playbook and do you need one? In this blog post, I am going to describe what is a playbook and then give examples of two different types.  What is a playbook? A playbook for me is typically associated with responding to a cyber incident and gives the actions, procedures and communications associated with responding to a

Some thoughts on the WannaCry Ransomware Attack

The WannaCry ransomware attack occurred last weekend and caused major disruption to the NHS, and subsequently, many other organisations. Charlie provides his thoughts and introduces our new Managing and Preparing for Cyber Incidents training course. The waters are still again and all appears to be quiet. A few are still busy recovering from the attack, but just because all seems still, as watchers of the

Cyber Incident Management

This week, I want to look at cyber incident management and share my thoughts on how the response to cyber incidnets can differ from managing other incidents. If you look at the internet there is not a lot of guidance and information on managing cyber incidents from an organisational point of view. There is a huge amount on the

Is Business Continuity Missing a Trick?

This week Charlie talks about the links between business continuity and cyber security.  Yesterday I went to an excellent seminar, organised by the Scottish Business Resilience Centre, called ‘Trading Security for Business’. It was all about the threats to mobile devices and how to secure them. By the end of the day I felt I could do nothing else then

DDoS Attacks: Better Safe than Sorry

DDoS attacks can be fatal for your business – learn to protect yourself This week Milena takes a look at the recent cyber attacks businesses increasingly suffer from.  DDoS attacks have recently been causing upheaval for many businesses. As some try to recover from the attacks and businesses become more aware of this threat, it is time to

Ten lessons from a cyber attack response exercise

This week Charlie conducted a cyber attack as the scenario in a response exercise. Here are some lessons learnt from conducting the exercise. 1.     I don’t think you need to be an IT security expert to conduct a cyber attack exercise. The technical element of the exercise is done by IT, and if you are looking at the

Credit card details of 20 million South Koreans stolen!

I noticed this headline on the BBC website this week and it really stood out as a huge breach of security. The data was supposedly stolen by an IT contractor working for a company called the Korea Credit Bureau that produces credit scores.  It appears that he stole the names, social security numbers and credit card details of 20

CrypoLocker – It couldn’t possibly happen to you……

You stroll into work one morning without a care in the world, you fire up your computer, get yourself a coffee and then settle down to work. You decide the first task of the day is to finish the report you started yesterday and go to open the file you saved last night.  You find that the file

Scroll to Top
Scroll to Top