This newsletter highlights all the feature articles published on Continuity Central during June 2017 as well as various resources.

FEATURE ARTICLES

To BIA or not to BIA? Final survey results
One of the differentiators of the new approach to business continuity advocated by Adaptive BC is the removal of the business impact analysis and risk assessment from the business continuity process. Continuity Central conducted a survey to assess whether this is a realistic proposal. The results, based on a total of 212 responses, are now available...
Read the article
• World

To BIA or not to BIA? A response from Adaptive BC
Mark Armour, one of the developers of the Adaptive Business Continuity framework, gives his reaction to Continuity Central’s survey into current attitudes to the business impact analysis and the risk assessment.
Read the article
• World

What was the business impact analysis?
Adaptive BC, a website established to develop and promote a new approach to business continuity, has been calling for the elimination of the BIA. In this article David Lindstedt, one of the founders of Adaptive BC, explains why.
Read the article
• World

Denying the deniers: fighting back against DDoS attacks
Worldwide DDoS attacks increased significantly over the past year but they get much less publicity than other forms of cyber attack. Marie Hattar looks at why this is and what the latest techniques are to protect businesses against such incidents.
Read the article
• US / World

Organizational risks that you should definitely be acting on
It is easy for organizations to feel overwhelmed by the number and scale of the risks that are faced; but often the perception of the potential harm engendered by various risks is exaggerated. In this article Chris Butler lists the real risks that every organization needs to consider.
Read the article
• UK / World

Execution risk: why business continuity strategies sometimes fail
When it comes to business continuity, developing a strategy is often the focus of efforts; but what actually counts is execution. Campbell Macpherson looks at why strategies fail and what organizations can do to ensure success in this area.
Read the article
• UK / World

Recent cyber security technologies you may not yet be aware of
Gartner, Inc. has highlighted the latest technologies for information security and overviewed how organizations can use them to enhance security.
Read the article
• US / World

Four steps to integrate risk management into strategic planning
Alexei Sidorenko, CRMP, details four related steps that organizations can take to help them assess management strategies and then take actions to manage the associated risks.
Read the article
• Europe / World

Ensuring business continuity during ERP migration
Enterprise resource planning software is used widely across many sectors but moving from one ERP vendor to another can be a daunting task due to the potential business continuity risks involved. Andres Richter looks at the issue.
Read the article
• World

The dangers of encryption becoming a political football
Recent terrorist activity in the UK has reignited the debate about the use of encryption. David Emm looks at the issue and explains why he believes that creating backdoors for government use creates a security risk for businesses.
Read the article
• UK / World

Building trust in a digital world to support business resilience
Trust is an important intangible asset which has a huge impact on the success, or even on the survival, of your organization. Debbie Daly looks at how to protect and build trust into today’s environment.
Read the article
• UK / World

Are we missing the point of risk management activities?
This article by Geary Sikich focuses on how applying guidance (ISO 31000, FFIEC, etc.) from a checkbox perspective often results in the appearance of compliance, rather than in organizations actually and actively identifying and managing risk.
Read the article
• US / World

RESEARCH, REPORTS & PUBLICATIONS

BCI report highlights the need for stronger cyber resilience culture
With phishing and social engineering maintaining their position as the top driver of cyber disruptions, there is a need for a stronger cyber resilience culture across organizations, and a focus on the human aspects of the threat.
Read the article
• World

Survey finds that many organizations are failing to prepare for data protection risks
Experian Data Breach Resolution and Ponemon Institute have released an industry study revealing that while companies generally are aware of and intimidated by global privacy and data security regulations, they fail to properly understand and address necessary organizational changes to comply.
Read the article
• World

DNS attacks are posing an increasing threat to businesses
EfficientIP has published the results of a survey that was conducted for its 2017 Global DNS Threat Survey Report. It explored the technical and behavioural causes for the rise in DNS threats and their potential effects on businesses across the world.
Read the article
• UK / World

Over half of security professionals will stop putting sensitive data in the cloud due to GDPR: survey
A new survey by eperi gives insights into what the new EU General Data Protection Regulation (GDPR) will mean for organizational cloud practices. The study indicates uncertainty when it comes to cloud security as 53 percent of respondents said that GDPR data security requirements would keep them from putting sensitive data in the cloud.
Read the article
• UK / Europe

Security and data protection risks are top cloud concerns of UK organizations
Businesses are pressing ahead with their digital transformation plans, despite fears of being hit by a cyber attack or data protection regulations. This is according to a new independent research report from Advanced, which questioned over 500 senior executives in UK organizations about their attitudes to using the cloud as part of their digital transformation plans.
Read the article
• UK

How WannaCry managed to infect industrial control systems
The Kaspersky Lab ICS Computer Emergency Response Team (CERT) has published a paper on how the global WannaCry ransomware attacks of 12 to 15 May, 2017 were able to successfully infect a number of ICS computers.
Read the article
• World

ASIS International replaces business continuity standards with new security and resilience standard
ASIS International has released a new standard, ‘Security and Resilience in Organizations and Their Supply Chains — Requirements with Guidance’ (ORM.1) that provides security professionals with an integrated risk-based management systems approach to manage risk and enhance resilience in organizations and their supply chain.
Read the article
• US / World

Survey identifies tangible advantages of having a cyber incident response team in place
IBM Security has published the results of a global study exploring the implications and effects of data breaches on today's businesses. Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach is $3.62 million globally, a 10 percent decline from 2016 results.
Read the article
• Various

Mission critical applications being neglected in disaster recovery plans
Many enterprises don’t devote enough attention to mission critical applications when creating disaster recovery plans. One of the biggest reasons for this is the ‘resiliency perception gap,’ or the gap between executives’ perceptions of the effectiveness of their resiliency strategies and how successful these plans actually are at protecting against application outages or downtime.
Read the article
• Various

ENISA publishes sixth annual report about large-scale outages in the European electronic communication sector
ENISA’s Annual Incidents report provides an aggregated analysis of incidents affecting the availability of services reported to ENISA and the European Commission under Article 13a, by the National Regulatory Authorities (NRAs) of the different EU Member States.
Read the article
• Europe

Organizations are turning to artificial intelligence and machine learning systems for cyber security
Radware has published its 2017 Executive Application & Network Security Survey, which highlights that executives in the US and Europe now place broad trust in artificial intelligence (AI) and machine learning systems, designed to protect organizations from dynamic cyber threats.
Read the article
• US / World

Report examines top emerging risks that organizations need to be aware of
Swiss Re's 2017 SONAR report features 20 new emerging risk themes and six emerging trend spotlights. Although some of these are specific to the re/insurance industry, many should be on the radar of all organizations.
Read the article
• World

ERP systems will increasingly be a target for attacks: report
Crowd Research Partners, with the support of ERPScan, have released the ERP Cybersecurity Survey 2017. The research revealed that there is still a lack of both awareness and security measures taken by enterprises even though the majority of cybersecurity professionals anticipate a growing number of attacks on ERP systems.
Read the article
• World

Reputational risk is an increasing concern for CEOs: KPMG survey
Reputational risk has risen to the top of CEOs’ agendas as public scrutiny of business intensifies, according to the findings of a new survey by KPMG.
Read the article
• Various

Industroyer: the biggest threat to industrial control systems since Stuxnet
ESET has discovered malware that represents the biggest threat to critical infrastructure since Stuxnet. Named Industroyer, the malware has been designed to disrupt industrial processes.
Read the article
• World

UK National Counter Terrorism Security Office publishes new crowded places guidance
The National Counter Terrorism Security Office (NaCTSO) has released an updated guidance document to give protective security advice to those responsible for managing the security of crowded places.
Read the article
• UK

Plan B see large uptick in ransomware based disaster recovery invocations
Plan B has published statistics showing that 44 percent of all customer disaster recovery invocations in the last 12 months have been to deal with ransomware attacks; and 87 percent of these have been within the past six months.
Read the article
• UK

Bored and distracted employees are biggest potential information security risk
Employees who become distracted at work are more likely to be the cause of human error and a potential security risk, according to a poll conducted by Centrify at Infosec Europe.
Read the article
• World

Report captures lessons from Australian Taxation Office outages
The Australian Taxation Office (ATO) has released a report into systems outages that it experienced in December 2016 and February 2017. The report incorporates findings from ATO’s own internal review, as well as technical advice and a separate report prepared by independent expert reviewers.
Read the article
• Australia

United States ‘Community Mitigation Guidelines to Prevent Pandemic Influenza’ updated
The Centers for Disease Control and Prevention (CDC) has just released details of an update to a key pandemic preparedness document.
Read the article
• US

Why corporate confidence in cyber protection contrasts with increased attack levels
Findings from Willis Towers Watson's Cyber Pulse Survey give responses from organizations and their employees on cyber security practices across the United States and United Kingdom.
Read the article
• US / UK

A business impact analysis for organizational resilience
Business continuity professional Luke Bird is currently working on an MSc Research Thesis for Glasgow Caledonian University, looking at the BIA in an organizational resilience context. As part of this research Luke is conducting a survey and is inviting Continuity Central readers to take part.
Read the article
• UK / World

Out of date system use is still widespread across organizational devices
Duo Security has released the ‘2017 Duo Trusted Access Report’, which provides an analysis of the security health of 4.6 million endpoint devices across multiple industries and geographic regions.
Read the article
• World

Microsoft announces public preview of disaster recovery for Azure IaaS VMs using Azure Site Recovery
Rochak Mittal, principal program manager for Microsoft Cloud + Enterprise, has given details of a new Azure Site Recovery (ASR) based disaster recovery option.
Read the article
• US / World

Boards still not taking cyber threats as seriously as they should: survey
Key decision makers do not have confidence in their Boards’ ability to manage cyber security threats, according to the latest cyber security analysis from Control Risks.
Read the article
• UK / World

Lack of skills and resources are the top barriers to effective cyber threat detection and management
Alert Logic has published the results of a survey conducted amongst 317 security professionals in the UK, Benelux and Nordics, which reveal the latest data points and trends in cyber security.
Read the article
• UK / Europe

CALL FOR PAPERS

Written a relevant article or white paper? We'd like to consider it for publication on Continuity Central. Simply e-mail editor@continuitycentral.com

This email was from:
Portal Publishing Ltd, PO Box 1393, Huddersfield, HD1 9TN, UK, Tel: +44 1484300750

Continuity Central is a registered trademark