Standby recently participated in a Cyber Security Forum arranged by the BIBF. It stressed the importance of being proactive in your response to the rise in Cyber attacks globally. There are many products out there that help you stay ahead of the game. If you would like any further information on these please do not hesitate to contact us.
A recent snapshot poll conducted by Centrify at Infosec Europe showed that more than a third of respondents cited distraction and boredom as the main cause of human error and a potential security risk.........read more
From all at Standby Consulting.........
If anyone needs business continuity help due to the recent developments in Qatar then feel free to contact us for any advice or guidance we will be only too happy to help.
If you are looking at long term or temporary offices due to relocation within the region then why not speak to our partner Regus who have a number of different relocation or Business Continuity packages available
I write further to our blog of 6 March and 9 May highlighting how political impact on business is one of the top ten worries of companies. With the current tensions between Qatar and other GCC states including Egypt, this is bound to have many International and GCC companies that have previously enjoyed free passage and trade with Qatar scrabbling for clarifications. They will have staff of differing nationalities working in Qatar who may be impacted directly in a move that apparently bans Saudi, UAE and Bahraini Citizens from travelling to, living there or passing through it. People affected have 14 days to leave. Egypt are reported to have 180,000 citizens living and working in Qatar.
The recent failure of British Airways computer systems in the UK shows the absolute importance of IT systems to an airline. It also highlights many questions that still remain unanswered.
It was outlined relatively early that it was a power failure and then in an interview today with the Chief Executive of BA on BBC news he said it was a power surge and that the secondary systems did not start.
That raises even more questions such as-
There is obviously a single point of failure in their systems. Has it been identified and what are they doing to address it? These single points of failure should have been previously identified and addressed, by providing alternate power paths to the critical equipment
If it was a power surge, the question has to be asked, that how come a power surge would take out all of BA’s systems. Power surges are not unknown and should have been planned for. Most, if not all high-quality UPS systems have surge filters built into them. If the area where the data centre or critical equipment was located is known for power fluctuations, then there should have been quality filter and surge equipment put in. Also, the design of the data centres should be that there is alternate paths to them, right from the main power supply, through the switchboards and UPSs to the servers and switches which should have dual power supplies.
How did the surge occur? If it was from the electrical supplier then how come it was not a wide spread incident in that country. Was the surge caused by a person working in the data centre? If so, were they qualified to work in the data centre, was the work scheduled and approved by IT Management?
Then the issue of BA’s disaster recovery centres needs to be considered. The assumption here is that BA, does have secondary sites. Why did they take so long to switch over to them? When was their DR systems and fail over to them last tested? High need operations such as airlines need to almost instantaneous switch over ability between their prime and secondary sites. Worst case scenario it should take an hour.
Many questions need to be answered. We find it extremely hard to work out how a power surge could take out the whole operations of an airline. There has got to be resilience built into it. BA is the national carrier of the UK and the government needs to step in and get an independent inquiry carried out by IT professionals who are well aware of how to build resilient data systems. Something is terribly wrong in the design and the operation of their disaster recovery. The cost of building a resilient data services would have been far less than that cost of the BA IT failure.
Standby are able to carry out your Data Centre Risk Assessment
Sam Mulholland, Standby's Managing Director, recently presented at the Cyber Security Forum arranged by the BIBF. The forum was an opportunity for all vendors to get together share information and recent advances in Cyber Security. The timing could not have been better as this followed on from the weekend of the first WannaCry cyber attack.
Some compelling arguments were put forward and for me, personally, the following stood out:-
- Cyber Security is not only the responsibility of IT.
- Cyber Security needs Senior Management and Board level buy in.
- A company can be either defensive i.e. reactive to an attack or....
- A company can be pro-active in their approach and use tools such as Threat Hunting; Digital Forensics, End Point Detection and Response (EDR) etc. to get a higher level of protection.
- A company requires a "Cyber Plan" in place because it was agreed and stressed by all the presenters it is not a matter of "if" it happens but "when" and generally Cyber Security is not addressed separately within general BCM Plans and it needs to be.
- Companies need a good IT governance policies in place.
There are a lot of new IT solutions out there, the difficulty arises in determining which is best for your company? Forums like this can be very beneficial in that it gives companies the opportunity to collaborate and come up with better solutions and responses to the particular threat they face. Howev
er none of this can be accomplished without Senior Management and Board level buy in. IT personnel can attend workshops/forums/conferences forever a day but if they are not being heard changes and improvements can't be made.
If you should wish to review the script presented by Sam please click below to retrieve
The BCI has released a 'Building Resilience by improving cyber security" report for Business Continuity Awareness week which was the 15-19 May 2017. Please see the link to this report.
as well as a short info video