This newsletter highlights all the feature articles published on Continuity Central during April 2023, as well as various resources.

FEATURE ARTICLES

Defensible decision making in operational resilience and crisis management
Continuity Central recently reported on a decision by the PRA to fine an ex-TSB CIO due to poor decision-making relating to outsourcing contracts which resulted in operational resilience failures. In this article, David Honour explores the role of defensible decision making in helping prevent such incidents in future.
Read the article
• UK / World

The intersection of DORA, operational resilience, and business continuity
As impacted organizations start to look at DORA compliance, Michael Bratton considers its scope, highlights provisions that align to other regulations, and outlines areas that may help practitioners seeking to build cohesive resilience programs and frameworks that encompass multiple risk disciplines.
Read the article
• World

The role of APIs in rebuilding and securing digital supply chains
Since the Sunburst attack at the end of 2020, digital supply chains have been in the spotlight as an area of organizational vulnerability. Jason Kent looks at the issue and explains why APIs are part of the solution.
Read the article
• World

Using gamification to help build cyber resilience
Human errors are present in most cyber attacks, says Dr John Blythe, and standard prescriptive training programmes are not proving very effective in improving this situation. In this article he explains why gamification can improve employee learning, outcomes, and overall cyber resilience.
Read the article
• World

Why the Internet needs orchestration for resilience
Internet connectivity has become the central fabric of our modern economy and for many organizations is critical to operations and services. What can individual organizations do to improve Internet resilience? Nick Sacke explores…
Read the article
• World

RESEARCH, REPORTS, AND GUIDANCE

Operational resilience: a guide to impact tolerance
Considering, defining, and building consensus around impact tolerances is a vital aspect of operational resilience. This guide, the Impact Tolerance Builder, provides a framework for developing impact tolerances…
Read the article

New OnSolve report shows large increase in severe physical threats to organizations
OnSolve has published its 2023 OnSolve Global Risk Impact Report, which found significant increases in three rising threats globally in 2022 when compared to 2021.
Read the article
• US / World

Report calls for a more joined up approach to cyber legislation and regulation around the world
(ISC)² and the Royal United Services Institute (RUSI) have released a new research report titled ‘Global Approaches to Cyber Policy, Legislation and Regulation’.
Read the article
• World

Developers opening their organizations up to breaches by knowingly deploying vulnerable code
Checkmarx released its Global Pulse on Application Security study at the 2023 RSA Conference in San Francisco. Developed with Censuswide, the research uncovered global trends around current security challenges faced by CISOs, application security (AppSec) leaders and software developers...
Read the article
• World

Many organizations are falling short when it comes to travel risk management
Everbridge has revealed findings which show that only 24 percent of surveyed organizations have a strong travel risk management (TRM) programme in place. The results come from the company’s year-long study of more than 200 global C-suite executives.
Read the article
• World

Cloud Security Alliance paper explores the ‘Security Implications of ChatGPT’
The Cloud Security Alliance (CSA) has released Security Implications of ChatGPT, a whitepaper that provides guidance across four areas relating to ChatGPT use.
Read the article
• World

Sustainability is now the top priority for major organizations finds survey
The latest edition of the Futurum environmental sustainability index, produced quarterly by The Futurum Group in collaboration with Honeywell, has revealed that sustainability has now become the leading priority for major organizations.
Read the article
• World

New guidance on managing third-party risk for Canada’s financial institutions
Canada’s Office of the Superintendent of Financial Institutions (OSFI) has published its final ‘Third-Party Risk Management Guideline’ (Guideline B-10) which sets out third party risk management expectations for Federally Regulated Financial Institutions (FRFIs).
Read the article
• Canada

Using artificial intelligence to enable earlier and more reliable tsunami alerts
An early warning system that quickly classifies submarine earthquakes and determines the risk of tsunami events has been developed by scientists at Cardiff University, Wales.
Read the article
• World

New BCI report highlights the developing use of technology in the resilience profession
The BCI has released its latest survey and interview-based report, Technology in Resilience Report 2023. Sponsored by iluminr, this examines technologies and their impact on the resilience industry.
Read the article
• World

Ransomware threat decreasing but concerns increase over quantum computing-based risks: 2023 Thales Data Threat Report
The 2023 Thales Data Threat Report has been released, providing an annual report on the latest data security threats, trends and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries.
Read the article
• World

The State of Kubernetes Security in 2023
Red Hat’s ‘The State of Kubernetes Security for 2023’ report looks at the specific security risks organizations face regarding cloud-native development, including risks to their software supply chain, and how they mitigate these risks to protect their applications and IT environments.
Read the article
• World

Research highlights cyber threat intelligence struggles that organizations are facing
Enterprise Management Associates (EMA) has published a new research report, ‘Cyber Threat Intelligence – Transforming Data Into Relevant Intelligence’. This shows that many organizations struggle with effectively leveraging cyber threat intelligence (CTI).
Read the article
• World

Two-thirds of British manufacturers believe their technology environment is too difficult to defend
BlackBerry Limited has today released the BlackBerry Manufacturing Cybersecurity Study, with a warning that outdated and unsupported legacy operational technologies (OT) are exposing substantial vulnerabilities for UK manufacturers facing escalating threats from nation-state attacks.
Read the article
• UK

NHS England issues version 2 of business continuity management toolkit
NHS England has made its latest Business Continuity Management Toolkit openly available, providing a useful resource for the profession.
Read the article
• UK

Survey shows huge lack of confidence in business continuity strategies for cyber attacks
Almost all IT and security leaders (96 percent) globally are concerned their organization will be unable to maintain business continuity following a cyber attack, according to a new study released today by Rubrik.
Read the article
• World

New report finds important differences in the way infosec and GRC teams define risk, vulnerability and threats
RiskOptics has published the results of its first Cyber Risk Viewpoints Survey. These reveal that both information security and GRC teams may be over-confident in their cyber and IT risk management systems.
Read the article
• US

Legacy technology is the greatest challenge for zero trust adoption
C-suite and other executives at organizations adopting zero trust say complexity and compatibility issues with legacy systems and environments pose the greatest challenge to adoption (44.6 percent), according to a Deloitte poll.
Read the article
• World

UK government releases annual Cyber Security Breaches Survey
The long-running Cyber Security Breaches Survey, commissioned by the UK government, is a research study on UK cyber resilience, aligning with the National Cyber Strategy. The 2023 study shows that cyber resilience in UK organizations seems to be moving backwards.
Read the article
• UK

Research shows that highly resilient smaller businesses outperform financially
A new report, published by Funding Circle in partnership with insights consultancy Savanta, has attempted to quantify the benefits that being highly resilient brings to small businesses in the UK.
Read the article
• UK / World

Atlantic hurricane season expected to be below average in 2023, but uncertainty is high
Colorado State University hurricane researchers are predicting a slightly below-average Atlantic hurricane season in 2023, mainly due to the expected development of El Niño.
Read the article
• Various

Online retailers are at increased risk from growth in sophisticated and organized fraud
A survey of chief financial officers (CFOs) at online merchants across 10 countries has found that fraud is on the increase across the board.
Read the article
• World

Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles
New guidance, written by a group of national cyber security agencies, explores the use of security-by-design to improve cyber resilience. The agencies are encouraging manufacturers of technology and associated products to take more responsibility for cyber security during the design and development process.
Read the article
• World

Majority of businesses increase investment in supplier risk detection
New research by Moody’s Analytics shows that the threat to reputation is a key driver of investment in supplier risk detection and highlights a lack of sophistication in third-party risk management.
Read the article
• World

Check Point Research notes a sharp increase in cyber attacks targeting IoT devices
With the growing use of IoT devices there has been an increase in cyber attacks against these, using various exploitable vulnerabilities. In the first two months of 2023 there was an average of almost 60 attacks per organization per week targeting IoT devices: 41 percent higher than in 2022, and more than triple the number of attacks from two years ago.
Read the article
• World

The Financial Stability Board sets out ways to achieve greater convergence in cyber incident reporting
The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, has published a report with recommendations to achieve greater convergence in cyber incident reporting.
Read the article
• World

Business leaders are overestimating the resilience of their organization
PwC’s bi-annual Global Crisis and Resilience Survey reveals that business leaders overestimate their organization’s resilience despite it being a high priority for most.
Read the article
• World

Data bias is an emerging risk but few organizations are currently addressing it
Progress has announced the results of a global study, ‘Data Bias: The Hidden Risk of AI’. Conducted by independent research firm, Insight Avenue, the report is based on interviews with more than 640 business and IT professionals...
Read the article
• Various

An effective cyber security program requires a human-centric focus
Security and risk management (SRM) leaders must rethink their balance of investments across technology and human-centric elements when creating and implementing cyber security programs in line with nine top industry trends, according to Gartner, Inc.
Read the article
• World

APRA changes date when new operational risk standard will be introduced
The Australian Prudential Regulation Authority (APRA) has announced that its new cross-industry operational risk management standard will now be introduced later than originally planned.
Read the article
• Australia

Many operational technology systems are at high or critical risk of cyber attacks
Results of a new survey show an increasing concern for ensuring safe and resilient operations while organizations work to implement more effective operational technology (OT) security strategies.
Read the article
• North America

NCSC updates guidance for board members on cyber risks
NCSC, the UK’s National Cyber Security Centre, has launched new resources as part of its Cyber Security Board Toolkit, to ‘help encourage senior leaders to have essential discussions about cyber security with their organizations’ technical experts and key stakeholders’.
Read the article
• UK

Marsh releases 2023 Political Risk Report
Marsh has published its 2023 Political Risk Report, outlining the major shifts and trends in the global political and economic landscape that will impact multinationals in the coming year.
Read the article
• World

The role of outcome-based security in improving cyber resilience
Many organizations follow a reactive approach to cyber security which is stifling their progress in demonstrating value and aligning with business outcomes, according to a new commissioned study conducted by Forrester Consulting on behalf of WithSecure.
Read the article
• Europe / World

NPSA case study highlights insider risk and its management
NPSA, the UK Government’s National Technical Authority for Physical and Personnel Protective Security, has published a case study which provides guidance on managing insider risk.
Read the article
• UK / World

New COSO guidance looks at ‘Achieving Effective Internal Control Over Sustainability Reporting’
COSO (The Committee of Sponsoring Organizations of the Treadway Commission) has released a study with supplemental guidance for organizations to achieve effective internal control over sustainability reporting - using the globally recognized COSO Internal Control-Integrated Framework (ICIF).
Read the article
• US / World

Gartner’s top eight strategic cyber security predictions for 2023-2024
Gartner has published a checklist of eight strategic planning assumptions that organizations should consider in their security strategies for the next two years.
Read the article
• World

Study highlights cyber resilience failures due to lack of preparation
Immersive Labs has released a commissioned study conducted by Forrester Consulting to evaluate how global cyber security decision-makers perceive their organization’s cyber resilience, defined as the ability and confidence to effectively respond to cyber threats.
Read the article
• Various

Survey finds that almost three quarters of organizations were hit by a successful ransomware attack in 2022
Barracuda Networks, Inc., has published its 2023 Ransomware Insights report, which shows that 73 percent of the organizations surveyed state that they were hit by at least one successful ransomware attack in 2022.
Read the article
• World

State of API Security Report highlights a large increase in API-based attacks
Salt Security has released the Salt Labs State of API Security Report, Q1 2023. This found that attackers have upped their activity, with Salt customer data showing a 400 percent increase in unique attackers in the last six months. In addition, about 80 percent of attacks happened over authenticated APIs.
Read the article
• World

CALL FOR PAPERS

Written a relevant article or white paper? We'd like to consider it for publication on Continuity Central. Simply e-mail editor@continuitycentral.com
