Why do Business Continuity Management?

Privacy laws regulate the collection, storage and use of data by organisations in many countries globally. Following the proclamation of the Protection of Personal Information Act (POPI) Act into law in 2014, so too will these laws become applicable to South African organisations.
In this digital age, technology plays a pivotal role in shaping the way in which business is done. The objective of this topic is to explore the Cyber Security and Resilience requirements placed on organisations by privacy regulations, and the impact of Cyber Security and Resilience on Business Continuity.
This webinar will touch on the reliance placed on effective Information Security and Cyber Security solutions to ensure compliance, and explore how a breach or failure of Information Security Controls needs to be managed.

Cyber crime has been around for as long as we’ve been connected to the Internet, but in recent times, the criminals behind it are excelling in their creativity and ingenuity with consequences that are more damaging than ever before. Furthermore, the organisations that invest in cyber crime preparedness seem to forever be one step behind as they only get to guess what might be coming.

The price tags of these data thefts, DDoS attacks, ransoms to unblock operating systems, etc. are going through the roof. Therefore, when faced with a cyber crisis, it is critical to demonstrate strong leadership and communicate effectively with all stakeholders to avoid spiralling down to a reputation meltdown.

In today’s global village everyone is connected. The internet has brought billions of people together, allowing sharing of data, communication and commerce at a scale never imagined before. The value of the internet is clear for everyone to see. Unfortunately, the same internet also allows for cyber hackers and attackers to fight a new war, Cyber terrorism, theft of data and extortion. The attackers hide in plain sight. Working from homes or offices. Sometimes alone, often in syndicates. Even state sponsored cyber terrorism is on the increase.

Large cyber security companies such as firewall providers and anti-virus vendors are spending millions of US dollars in a constant battle to stay ahead of the cyber threat. Unfortunately, these measures are not always successful in preventing cyber-attacks from occurring as can be seen from recent attack against Primera Blue Cross.

The company, a health insurer based in Washington State, said up to 11 million customers could have been affected by a cyber attack last year. Hackers gained access to its computers on 5 May 2016 and the breach was not discovered until 29 Jan 2017. The breach probably exposed members' names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers and bank account information. The company is currently working with the FBI and a cyber security firm to investigate.

So, given that no matter what you do to protect yourself against the cyber threat, you will probably be attacked or have already been attacked. You therefore need a plan B to allow your business to continue with crucial day-to-day activities after the event.

Cyber threats. Compliance. Ease of use. These are among the growing challenges to resiliency for all organizations, but they often are at odds with another. Clients and their customers are driving a need for ease of use, customization and empowerment, which can result in a more complex, at-risk infrastructure. How can organizations manage risk and compliance - maintaining expected transparency, accountability and interconnectedness amongst all of this complexity?

Join our discussion on the impacts of increased regulatory supervision and the effects of standards, using industry examples - and learn key strategies you can use today to manage resiliency across all levels of the enterprise to protect your business in the age of digitization and IT modernization.

You’ve built your cyber response plan and are confident you can respond and recover from a cyber attack and have robust procedures in place. But once a business critical cyber attack has been identified, how quickly can you invoke those plans, get your team to start collaborating, communicating and coordinating the response?

Moreover, cyber attacks don’t conveniently happen during office hours so you need to be able to mobilise your response teams across shift schedules, time zones, locations and communication devices.
In this session we’ll look at how you can digitize your response plans, improve operational response, keep everyone informed through reliable crisis communications and simplify and standardise the organizational response.

The first defence against cyber attacks is often to impose technical barriers, but how can an organisation’s culture help mitigate the cyber risk? This session will look at the cultural aspects of security, measuring cyber security culture and suggest how behaviour can make us more resilient.

With its 25th May 2018 deadline, the General Data Protection Regulations have become the stuff that marketing dreams are made of, but the delivery of appropriate levels of confidentiality, integrity and availability for affected data does not have to mean vast amounts of investment in cutting edge technology and expensive consultancy engagements. In this session we will have a closer look at what the end results of Article 32 (Security of Processing) actually need to look like and address some of the terminology used so that delegates properly understand what the regulation demands from them and their businesses. In the context of business continuity, we will further look into how current strategies match up to GDPR and what can be done to optimise them for May 2018 and beyond.

Organizations feel the pain of successful cyber attacks through the loss of personal customer information, release of commercially sensitive data or the disruption of business critical email systems. The effects are devastating, with wide-ranging damage to corporate reputation or loss of competitive advantage.

91% of successful attacks start with email. Learn how cyber resilience best practices can help organizations tackle cyber risks effectively, improve productivity and ensure business continuity by providing cyber security assurances to ecosystem partners, stakeholders and customers.

Cyber resiliency teams can no longer rely on security defence measures alone - instead, you need to assume and admit, that a cyber attack is not just a possibility, but a likely event that will impact your organization at some point in the very near future.

According to the BCI Cyber Resilience Report 2016, 15% of organizations have experienced at least 10 cyber security incidents in the previous year.

While no two cyber attack events are the same, there are 5 key steps that should be followed in order to ensure a quick and successful event resolution for a critical event situation.

Using real world anecdotes, we’ll take a look at the timeline of a cyber attack and walk you through the 5 Steps to help you prepare your cyber attack communications and response plan.

Attendees can download the free white paper and checklist to accompany this webinar.

There is a growing demand for organizations to extend their operations out of a secure, controlled domain into an unpredictable ecosystem, for reasons such as cost reduction, increases in productivity, profitability requirements and regulatory pressures, to name a few. This expansion into hybrid environments exposes businesses into unforeseen risks, requiring a more formidable capability relative to the resiliency measures that need to be in place. A strong cyber resiliency framework that includes a combination of security, business continuity and a resilient control system can help to mitigate disruptions of critical business functions and enable confidence across the entire enterprise in the event of a cyber breach.

In this webinar, you will learn tactical approaches for implementing cyber resilience, including evolving industry practices for enhanced cyber resiliency, benefits to be realized beyond mitigation of threats and risk reduction, and technological advancements that support successful cyber resiliency.

Business continuity planning has long helped organisations prepare for, respond to and recover from all types of disruption. Sophisticated and enduring cyber incidents, however, can challenge the planning assumptions many organisations rely on, including recovery time and recovery point objectives. This session will look at how organisations can go beyond traditional business continuity planning to enhance cyber incident readiness.

Take your mark. Get set… and go. What do you do if your organization is faced with a crisis, do you have the necessary steps and procedures to recover from a cyber attack?

91% of APT (Advanced Persistent Threats) begin with spear phishing emails. Cyber criminals increasingly target employees within an organization who have administrative rights and access to critical systems. Successfully phishing these individuals could give them the ‘key’ to breaching security in further attacks.

This webinar will cover five domains to assist the organization to maintain a framework with the ability to deliver the outcomes consistently at all times. These domains focus on preventative, detective and reactive controls within the organization, and form part of the process of having the ability to recover in the event of a crisis.

These five domains will follow the process of identifying, protecting, detecting, responding and recovering, giving a holistic view of the full cycle of infrastructure resilience.

Today’s digitised value chains have a very high dependency on third parties. This exposure is not lost on potential attackers, who will invest resources in researching, identifying and selecting targets among value chain partners. It would be an uneven contest were firms not to take steps to understand these vulnerabilities and ‘value at risk’ themselves. This webinar will set out clear steps that can be taken to understand potential vulnerabilities among third parties and will introduce a lifecycle approach to support robust third party risk management from the start of the relationship through to exit.

The greatest threat to the corporate security perimeter now comes not from the outside, but the inside. Social engineering threats such as phishing, malware and ransomware target the weakest link, the human factor. This webinar will expose the techniques of the hackers and offer advice on how these can be combatted to make your business more resilient in the face of the cyber threat.

Claudia Van Den Heuvel and James Campbell (PwC) share the lessons they’ve learned from Operation Cloud Hopper, and offer insight on how to confidently integrate cyber response into your organizational crisis capability. During this webinar you'll also be able to download the cyber case study we share, along with the latest CEO crisis survey statistics.

This session will focus on how organisations can build senior executive level readiness to respond and recover from sophisticated cyber incidents. It will provide an overview of the threat landscape and consider the differences cyber crises present for senior executives. Participants will learn about some of the challenges faced when responding to a cyber incident and how to overcome them by building readiness in people, structures, processes and plans.

Chris will be presenting on risk and resilience in 2017, looking specifically at:

- The current risks to businesses
- The current threat landscape
- The importance of resilience, including cyber resilience and how it is more than just cyber security
- What companies need to do to become and stay resilient

In the build up to Business Continuity Awareness Week, the Business Continuity Institute published six posters to help promote the week, each one highlighting a way in which each and every one of us can play a role in cyber security and help build a more resilient organization.

The issues highlighted in these posters may seem basic, but the report to be published during BCAW shows why they are a real concern, and how, regardless of the security measures in place, slack security on the part of the user can be immensely damaging to organizations.

This webinar reveals some of the findings of the report, and uses existing research to demonstrate how vulnerable our organizations can be.