This newsletter highlights all the feature articles published on Continuity Central during April 2019 as well as various resources.

NOTE: If you cannot read this newsletter properly visit www.continuitycentral.com/roundupmay2019.html

FEATURE ARTICLES

ClearView

Business Continuity Awareness Week 2019 updates
Business Continuity Awareness Week (BCAW) is an annual global event that is facilitated by the Business Continuity Institute (BCI) and this year takes place from 13th to 17th May. This page provides updates through to the end of BCAW.
Read the article
• World

Lessons from a ransomware attack
In the wake of a reported ransomware attack on global manufacturing firm Aebi Schmidt, Peter Groucutt outlines the steps companies should take to prepare for such incidents. A clear cyber incident response plan and maintaining frequent communication are critical.
Read the article
• UK / World

Why reporting minor incidents can help prevent future catastrophes
Health and safety sometimes gets a degree of ridicule, with managers and employees seeing it as unnecessary red-tape; but paying attention to minor incidents is an important step in helping to prevent potential future disasters. Klaus Allion explains more.
Read the article
• UK / World

Daisy

New research paper investigates the relationship between organizational resilience and organizational performance
A paper written by researchers at the Brawijaya University, Indonesia, provides the results of an investigation into the relationship between organizational resilience and organizational performance both directly and indirectly.
Read the article
• World

Business continuity risk assessments: is looking at likelihood a waste of time?
Charlie Maclean Bristol discusses whether you should consider likelihood when conducting a risk assessment as part of the business continuity process. Do you need to know how likely it is that a threat will become an actuality; or is knowledge of the impact of the threat enough?
Read the article
• UK / World

IT resilience is central to a successful digital transformation
Steve Blow explains that while businesses must remain consistently focussed on digital transformation in order to not fall to the back of the pack, digital transformation efforts could be futile if businesses don’t address and improve their IT resilience.
Read the article
• World

Assurance Software

Digital transformation: why business continuity and data security are key
Don Boxley looks at some important questions that need to be asked to ensure that business continuity and data security are considered during digital transformation projects.
Read the article
• World

To BIA or not to BIA... revisited
In June 2017 Continuity Central published the results of a survey which looked at whether attitudes to the business impact analysis and risk assessment were changing. Two years on, we are repeating the survey to determine whether there has been any development in thinking across the business continuity profession.
Read the article
• World

Overcoming barriers to becoming a security-first organization
Taking a security-first approach involves prioritizing security in all areas of the business, including its people, processes and applications; and requires moving away from a simple ‘protecting the perimeter’ approach. Justin Calmus highlights four key areas that organizations need to consider when moving in this direction.
Read the article
• World

Don’t go once more unto the breach: fix these policy configuration mistakes
It may not be the most interesting aspect of protecting your business but optimizing policy configuration for firewalls and other security devices is an important consideration. Asher Benbenisty examines four common security policy errors, and shows how organizations can avoid them.
Read the article
• World

RESEARCH, REPORTS & PUBLICATIONS

Risk Logic

Aon's 2019 Global Risk Management Survey identifies challenges organizations face in managing traditional and emerging risks
Economic and global trade concerns are challenging organizations' ability to invest adequately in preparing for and protecting the continuity of their operations, according to findings from Aon's 2019 Global Risk Management Survey.
Read the article
• World

FEMA publishes advice for enhancing supply chain resilience
FEMA has released a new guide to supply chain resilience aimed at helping emergency managers with recommendations and best practices on how to analyze local supply chains and work with the private sector to enhance supply chain resilience using a five-phased approach.
Read the article
• US

'You Say Incident, I Say Event': exploring a challenging term
A new white paper written by the Disaster Recovery Institute’s Glossary Committee looks at the difficulty the committee has experienced in defining the term ‘incident’ and explains why agreeing a definition is important.
Read the article
• US / World

eBRP

Building resilience for the new normal: lessons from Hurricane Florence
ISET-International has published a post event review of the impacts of Hurricane Florence, identifying lessons learned and providing recommendations for enhancing flood resilience.
Read the article
• US / World

Mid-Market IT Priorities Report looks at technology risk trends
Node4 has published its Mid-Market IT Priorities Report, which surveyed 300 mid-market IT decision-makers, including IT managers, CIOs, IT directors and Heads of IT. It identifies how IT leaders in organizations from a range of industries are managing both their existing and new technologies.
Read the article
• UK / World

Cyber attacks ‘reach a new intensity’ while security fails to keep up
A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organizations across seven countries, commissioned by insurer Hiscox.
Read the article
• Various

Fortress

Researchers find that the impacts of successful cyber attacks can last for up to five years
Researchers at Warwick Business School have found that security breaches have a lasting impact on organizations, with breached companies typically paying lower dividends and invested less in research and development up to five years after the attack.
Read the article
• UK / World

BSI publishes analysis of global supply chain risks
BSI has identified five major themes that are most likely to impact the supply chain through 2019; these are described in the SCREEN Global Intelligence Report: Top Potential Supply Chain Trends for 2019.
Read the article
• World

Organizations where risk management has a seat at executive management meetings are more likely to have high-performing programs
73 percent of high-performing risk programs that have risk management represented in executive management meetings (most or all the time) are more likely to exceed performance goals and achieve higher growth according to a new risk management survey by Deloitte.
Read the article
• US

Capital Continuity

Environmental ‘secondary perils’ are becoming an increasing threat says Swiss Re Institute
The catastrophe loss experience of the last two years is a wake-up call for the insurance industry, highlighting a trend of growing devastation wreaked by so-called ‘secondary perils’ – which are independent small to mid-sized events, or secondary effects of a primary disaster.
Read the article
• World

Cyber hygiene is at an all-time low finds report
Keysight has published the third annual Security Report from Ixia, its cybersecurity and visibility business. The 2019 report analyzes the biggest security findings over the past year from Ixia’s Application and Threat Intelligence (ATI) Research Center.
Read the article
• World

Industrial control systems increasingly threatened by unaddressed vulnerabilities
According to Positive Technologies, the number of new vulnerabilities in Industrial Control Systems (ICSs) grew by 30 percent between 2017 and 2018. The US still has a lead in the number of Internet-accessible ICS components, with 95,661 IP addresses for ICS components found in 2018 compared to 64,287 in 2017.
Read the article
• World

Emerging Risks Monitor finds that accelerating privacy regulation is the top emerging risk
Concerns about rapidly accelerating privacy regulations and their associated regulatory burdens has become the top emerging risk that organizations face globally, according to Gartner’s latest Emerging Risks Monitor report.
Read the article
• World

Survey shows the business impact of trust failures
Failing to maintain trust undermines customer loyalty and damages revenues, with over three quarters (79 percent) of UK consumers saying they’ll leave a supplier that they don’t trust anymore.
Read the article
• UK

European Supervisory Authorities publish ICT risk management and cybersecurity guidance for European Commission
The European Supervisory Authorities (ESAs) have published two pieces of Joint Advice in response to requests made by the European Commission in its March 2018 FinTech Action Plan. The guidance documents aim to promote stronger operational resilience and harmonization in the EU financial sector.
Read the article
• Europe

Proposed ISO standard on cyber insurance is ‘premature and inappropriate’ according to FERMA
The Federation of European Risk Management Associations (FERMA) has expressed concern about the ISO/IEC 27102 ‘Information Security Management Guidelines For Cyber Insurance’ standard, which is currently under development.
Read the article
• Europe / UK

New resource aims to help organizations with service continuity management
Carnegie Mellon University’s Software Engineering Institute (SEI) has published a new Technical Note to assist organizations that have conducted its Cyber Resilience Review to use the results to develop a service continuity management (SCM) plan.
Read the article
• US / World

Board involvement is a key indicator of vendor risk management maturity
Protiviti and the Shared Assessments Program have released findings of their 2019 ‘Vendor Risk Management Benchmark Study: Running Harder to Stay In Place’ report, an extensive study of organizational risk posture assessed by industry sector and program criteria.
Read the article
• World

The majority of organizations say that insider attacks are becoming more common
Bitglass has released ‘Threatbusters’, its 2019 Insider Threat Report. In partnership with a cyber security community, Bitglass surveyed IT professionals about insider threats, as well as what their organizations are doing to defend against them.
Read the article
• World

UK Government publishes annual Cyber Security Breaches Survey
The Cyber Security Breaches Survey is a quantitative and qualitative survey of UK businesses and charities which is published each year by the Government, providing a useful record of how cyber attacks have developed.
Read the article
• UK

Organizations should prioritise the ‘digital fitness’ of risk management functions
Organizations should focus on developing stronger digital skills and capacity in their risk function in order to make more informed decisions about risk in a technology-driven world, according to the eighth edition of PwC's Risk In Review study.
Read the article
• World

Certificate-related outages frequently impact critical business applications and services
Venafi has released the results of a study of the scale and frequency of certificate-related outages on critical business infrastructure. Over 550 chief information officers from the US, UK, France, Germany and Australia participated in the study.
Read the article
• Various

An overview of enterprise risk management practices
The ERM Initiative in the Poole College of Management at North Carolina State University has issued a report which makes ten key observations about how organizations are using enterprise risk management.
Read the article
• US/ World

New global study shows deep concern about third-party cyber risk
BitSight and the Center for Financial Professionals (CeFPro) have released the results of a joint study shedding light on how financial institutions are addressing challenges associated with third-party cyber risk.
Read the article
• US/ World

Survey: Brexit is far more difficult to prepare for than Y2K
A survey from Eggplant has found that when it comes to an organization’s systems, 57 percent of respondents believe that the impact of Brexit has proved to be far more complex to prepare for than Y2K/the Millennium Bug.
Read the article
• UK

BSI urges businesses to move towards ‘information resilience’
In today’s quickly evolving cyber landscape, organizations must achieve a state of information resilience in order to safeguard not only their data but also their people, their finances and their reputation. That was the overriding message at the inaugural BSI International Cyber Resilience Exchange which took place recently at The Convention Centre, Dublin.
Read the article
• Europe / World

Too much security data holding information security back: many see machine learning as the answer
CyberEdge Group has published its sixth annual Cyberthreat Defense Report (CDR). The report found that IT security’s greatest inhibitor to success is contending with too much security data.
Read the article
• World

IoT threats and attacks are increasing, but rely on well-known security weaknesses
A new report from F-Secure finds that Internet of Things related threats and the number of attacks continue to increase, but still rely on well-known security weaknesses, such as unpatched software and weak passwords.
Read the article
• World

CALL FOR PAPERS

Written a relevant article or white paper? We'd like to consider it for publication on Continuity Central. Simply e-mail editor@continuitycentral.com

PRIVACY NOTICE

You can read our privacy information at https://www.continuitycentral.com/index.php/privacy-and-cookies

You have subscribed to this newsletter. To unsubscribe visit:
http://www.continuitycentral.com/index.php/unsubscribe or e-mail webmaster@continuitycentral.com

This email was from:
Portal Publishing Ltd, PO Box 1393, Huddersfield, HD1 9TN, UK

Continuity Central is a registered trademark