From all at Standby Consulting.........
If anyone needs business continuity help due to the recent developments in Qatar, then feel free to contact us for any advice or guidance; we will be only too happy to help.
If you are looking at long-term or temporary offices due to relocation within the region, then why not speak to our partner Regus, who have a number of different relocation or Business Continuity packages available.
I write further to our blogs of 6 March and 9 May highlighting how political impact on business is one of the top ten worries of companies. With the current tensions between Qatar and other GCC states including Egypt, this is bound to have many international and GCC companies that have previously enjoyed free passage and trade with Qatar scrabbling for clarifications. They will have staff of differing nationalities working in Qatar who may be impacted directly by a move that apparently bans Saudi, UAE and Bahraini citizens from travelling to, living in or passing through Qatar. People affected have 14 days to leave. Egypt is reported to have 180,000 citizens living and working in Qatar.
The recent failure of British Airways' computer systems in the UK shows the absolute importance of IT systems to an airline. It also highlights many questions that still remain unanswered.
It was outlined relatively early that it was a power failure, and then in an interview today on BBC News the Chief Executive of BA said it was a power surge and that the secondary systems did not start.
That raises even more questions, such as:
There is obviously a single point of failure in their systems. Has it been identified and what are they doing to address it? These single points of failure should have been previously identified and addressed by providing alternate power paths to the critical equipment.
If it was a power surge, the question has to be asked: how could a power surge take out all of BA’s systems? Power surges are not unknown and should have been planned for. Most, if not all, high-quality UPS systems have surge filters built into them. If the area where the data centre or critical equipment was located is known for power fluctuations, then quality filter and surge equipment should have been put in. Also, the data centres should be designed so that there are alternate paths to them, right from the main power supply, through the switchboards and UPSs, to the servers and switches, which should have dual power supplies.
How did the surge occur? If it was from the electrical supplier, then why was it not a widespread incident in that country? Was the surge caused by a person working in the data centre? If so, were they qualified to work in the data centre, and was the work scheduled and approved by IT Management?
Then the issue of BA’s disaster recovery centres needs to be considered. The assumption here is that BA does have secondary sites. Why did they take so long to switch over to them? When were their DR systems and the failover to them last tested? High-need operations such as airlines need almost instantaneous switchover ability between their prime and secondary sites. In the worst-case scenario it should take an hour.
Many questions need to be answered. We find it extremely hard to work out how a power surge could take out the whole operations of an airline. There has got to be resilience built into it. BA is the national carrier of the UK, and the government needs to step in and get an independent inquiry carried out by IT professionals who are well aware of how to build resilient data systems. Something is terribly wrong in the design and the operation of their disaster recovery. The cost of building resilient data services would have been far less than the cost of the BA IT failure.
Standby are able to carry out your Data Centre Risk Assessment.
Sam Mulholland, Standby's Managing Director, recently presented at the Cyber Security Forum arranged by the BIBF. The forum was an opportunity for all vendors to get together and share information and recent advances in Cyber Security. The timing could not have been better, as this followed on from the weekend of the first WannaCry cyber attack.
Some compelling arguments were put forward and for me, personally, the following stood out:
- Cyber Security is not only the responsibility of IT.
- Cyber Security needs Senior Management and Board level buy in.
- A company can be either defensive i.e. reactive to an attack or....
- A company can be pro-active in their approach and use tools such as Threat Hunting, Digital Forensics, End Point Detection and Response (EDR) etc. to get a higher level of protection.
- A company requires a "Cyber Plan" in place: all the presenters agreed and stressed that it is not a matter of "if" it happens but "when". Cyber Security is generally not addressed separately within general BCM Plans, and it needs to be.
- Companies need good IT governance policies in place.
There are a lot of new IT solutions out there; the difficulty arises in determining which is best for your company. Forums like this can be very beneficial in that they give companies the opportunity to collaborate and come up with better solutions and responses to the particular threat they face. However, none of this can be accomplished without Senior Management and Board level buy in. IT personnel can attend workshops/forums/conferences forever and a day, but if they are not being heard, changes and improvements can't be made.
If you should wish to review the script presented by Sam, please click below to retrieve it.
The BCI has released a "Building Resilience by improving cyber security" report for Business Continuity Awareness week, which was the 15-19 May 2017. Please see the link to this report, as well as a short info video.
In light of all the cyber security incidents over the weekend, Standby Consulting felt we should get in touch to give an update on what has been going on and also check it is business as usual for your company!
So what has happened?
On Friday 12 May 2017, tens of thousands of organisations were infected with a computer virus called WannaCry. WannaCry is a strain of ransomware that locks down data and demands a payment of up to $300 a time before it will restore scrambled files.
There has been significant press coverage in the UK, as many hospitals fell victim and some health organisations diverted ambulances and also had to cancel non-essential services while they found a way to contain and clean up the infection. It is not, however, only the UK that has been affected, with reports of attacks taking place in over 100 different countries, with some of the hardest hit being Russia and Spain.
WannaCry appears to have been spread via a computer virus known as a worm, which has the ability to move around a network by itself. Once inside an organisation it will hunt down vulnerable machines and infect them too. This is in contrast to many other ransomware attacks, which rely on individual users to spread them by tricking them into clicking on an attachment or link containing the attack code.
Luckily, a UK security researcher has now found a way to halt the spread of WannaCry. The researcher, known as MalwareTech, ‘accidentally’ found the ‘Kill Switch’ in the code that has now been able to stop the spread, though he has highlighted that this is only a temporary fix and people should act quickly to make sure their systems are protected against another strain of the WannaCry attack.
Read more about the WannaCry solution here - http://www.bbc.com/news/technology-39907049
Could WannaCry affect your business?
WannaCry currently only seems to be affecting Windows systems, and in particular any systems still running the legacy Windows XP, which is no longer supported by Microsoft. Standby suggests software is updated immediately to a Windows version supported by Microsoft, such as Windows 7 or 10. At the very least, though, the latest patches and updates should be applied to all Windows software, and for any XP users an emergency patch has now been developed. This event is a good reminder that you should always keep all your software up to date with all the latest releases and patches to help stay ahead of any potential hackers. Protect your business by using up-to-date firewalls and anti-virus software and by being wary when reading emailed messages. Send a message to all personnel informing them of the latest
If not doing so already, ensure any backup of key data is kept up to date, so files can be restored without having to pay should your systems be infected.
Read more about the attack and other attacks that may also be coming soon –
IT Security Checklist
It’s now time to look seriously at your current cyber security setup:
- Are all Microsoft and other IT systems up to date?
- Does your IT department have suitable safeguards in place to deal with an attack?
- What if you do get hit? Does your company have an up-to-date IT DR plan or a specific Cyber Security Breach Plan?
- Is your company’s vital data backed up correctly? Is there an up-to-date backup kept off the network and away from potential threats?
- Does IT know how to deal with an attack quickly enough to ensure your customers and stakeholders will not be affected?
- Are your Crisis Management Team trained and exercised to deal with the business impact of a Cyber Security Breach?
- Are company finances secure?
There is now a lot of literature online to help build a resilient organisation to guard against cyber attacks, so it’s time to get researching.
If you have any questions on the WannaCry attacks or need some guidance on how you can build an effective Cyber Defence, Standby Consulting are here to help. Visit our website for more info – Standbyconsulting.com or contact us directly using the below info.
The Standby Team
Global political changes in 2016 and 2017 have had an impact on businesses worldwide. The world has become a smaller place, and the ripple effect of political behaviour impacts the global economy and businesses in differing ways.
"Political decisions can affect three main areas including society and culture, the economy and advancement of the country in terms of technology and the adoption of it. Any of these changes can be unexpected and are less predictable factors that affect businesses extensively. An unstable political system can affect other cores of a business including".........read more