SlideShare une entreprise Scribd logo

Business Continuity Emerging Trends - DRIE Atlantic - Summary

M
Marie Lavoie Dufort

Summary document for DRIE Atlantic presentation held on May 19, 2021 on the topic of Business Continuity Emerging Trends – Absorbing & Adapting In A Changing Environment. Speaker: Marie Lavoie Dufort Host: Emad Aziz

Présentations et discours publics
1  sur  5
Télécharger pour lire hors ligne
Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 1 Business Continuity Emerging Trends Absorbing & Adapting in a Changing Environment The information presented in the webinar is inspired by:  Industry white papers  News and published articles  Feedback and anecdotal evidence from industry professionals COVID-19 Global Pandemic Observations  Grey Swan – Unlike “black swan” events, i.e., those that are hard to predict and have very high impacts, it is now thought that the pandemic is a “grey swan”– an event that was possible and known, had potentially extremely significant impacts, but was considered unlikely to happen.  Risk not top of mind – The Business Continuity Institute (BCI) Horizon Scan Report from 2020 stated that non- occupational disease ranked 2nd from bottom of the list of future concerns for Resilience professionals. In 2019, PriceeaterhouseCoopers (PwC) published its global crisis survey stating that 95% of respondents believed a crisis was imminent in the next two years, but that list of crises did not list pandemics.  Plan or no plan? – Organizations that had a tested pandemic plan (documented strategy for how an organization plans to provide essential services when there is a widespread outbreak of an infectious disease), were able to respond more quickly and competently. Most plans created prior to the pandemic likely did not factor in global impact (i.e. supply chain issues, market impacts), lockdowns and quarantines, and the fact that return to normal was would be prolonged.  Communication overload – COVID-19 revealed many flaws in crisis communication processes within companies. Organizations and individuals were inundated with frequently changing fact-based information on the pandemic from official and unofficial sources. It was not uncommon for organizations to create their own criteria and dashboards to determine if operations should close or reopen. Organizations with the capacity to do so relied on their own monitoring capabilities to detect trends and provide counsel to senior management.  Home sweet home – COVID-19 forced companies to rapidly shift to work-from-home and other remote working strategies, something that was not culturally or widely accepted before. There were several logistical challenges including: a. Many had never tested their capabilities on a mass-scale or extended duration. b. Processes and communicating with internal/external stakeholders were not pre-planned. c. Technology teams rushed to rapidly deploy solutions (e.g. laptops) to support remote work stressing supply chains.  The BCM profession was sidelined at the onset of the pandemic but is now receiving increased attention and support – COVID-19 was officially declared a pandemic on March 11, 2020. However, by the end of January 2020, only 49.2% of Business Continuity professionals had been engaged in their organization’s response, primarily because Management teams were dealing with the strategic elements of the response before, they engaged operational teams.
Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 2 Lesson 1: Pandemic Resiliency Recommendations Analyze  Time sensitive vs. essential: Map your time sensitive, critical and essential business activities and understand the dependencies that support you in the delivery of those services. The map should “link” dependencies to show how a single disruption can snowball into other business activities. Exercise:  Assumptions: Don’t just test the plan, but also test the assumptions going into the plan. What if a critical resource is unavailable? Or is competed for by another business unit?  Rehearse: Organizations who had recently rehearsed a pandemic plan were most prepared for COVID-19. Regular real-life tests and simulations are the only way to ensure your organization is ready.  Crisis communication: Put a crisis communications team in place and exercise them regularly. Communication with all stakeholders (internal and external) is a key success metric. Plan  Focus on impact-based planning, i.e., planning should not be too focused on specific risks, rather the plan must be adapted to cope with the unexpected (including incidents that take longer to fully materialize).  Update your planning documents: The Business Impact Assessment (BIA) and Business Continuity Planning (BCP) will require a review as the dependencies you relied upon may have changed (e.g. primary sites are unavailable and most employees are already working from home). Additionally, most BCP’s will require a review of standing down procedures or return to “new normal”.  Alternate sites: Consider how you will respond to future disruptions affecting your employees and alternate workplaces. Do you understand who is dependent on primary or secondary work sites to work and why? What happens if regional employees are affected by a telecommunications or power outage, how will you shift work then? How will you exercise alternate working capabilities in a remote work scenario? How will you exercise with other suppliers or agencies?  Leadership engagement: Make the most use of senior leadership attention while you have it. The pandemic has raised the profile of Business Continuity and organizational Resilience disciplines and demonstrated the valuable role of Business Continuity within organizations. When strategic decisions needed to be made at the onset of the pandemic, did your senior leadership understand the connection between business continuity and a crisis? Were they aware if their organization has an effective pandemic plan? Involve Leadership early and emphasize what is most critical to the enterprise will be a driving factor for business continuity at the table. Cyber Security Observations  Cyber criminals exploiting the pandemic – Cyber attacks modernized and intensified with examples of virus- themed sales of malware, a dramatic increase in the creation of malicious COVID-19 related sites and an increase in phishing scams.  Lack of incident response plans – Organizations that went into response mode (not necessarily informed by tested/validated capabilities) during the pandemic, afforded hackers the ability to exploit vulnerabilities. For example, home offices are not as protected as the fortified office sites that have more secure firewalls, routers, and access management run by their cyber security teams.
Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 3  Fast tracking Digital Solutions – To continue servicing internal and external stakeholders in the “new normal” companies have had to innovate very quickly. A new survey from McKinsey finds that responses to COVID-19 have speeded the adoption of digital technologies by up to seven years. Threat actors also changed their tactics however and took advantage of this period of change to attack across all sectors.”  Ransomware is the cyber weapon of choice –The popularity of crypto currency has made ransomware a lucrative choice for hackers.  Big game hunting – Critical infrastructure, government services such as health and labor, and large organizations are increasingly being targeted by cyber attacks. These attacks have evolved in sophistication because they are being perpetrated not only by the criminal element, but also by nation states actors and for-profit hackers peddling their tools on the dark web. Now you don’t need technical expertise to launch cyber attacks, you can simply “hire a hacker” and split the profits. Lesson 2: Cyber Security Recommendations  Data classification & privacy controls – You need to understand what different types of data exist within your organization. Top 3 questions to ask are: 1. Who can access this data? 2. How is the access recorded? 3. Is the data shareable with others?  Targets, Tactics and Techniques are frequently changing – Hackers and malicious software are finding new ways to compromise –therefore we must implement strong mitigation strategies to counteract this. Short and long- term wins include: 1. Investing in continuous monitoring of systems, especially those that allow access into the corporate network. 2. Subscribing to cyber security reports. 3. Following best practices. 4. Performing frequent software updates. 5. Training your front line - Employees should receive up-to-date and relevant training on vulnerabilities when working remotely to ensure they and the data they work with is protected from unauthorized use and access.  Updated cyber incident response plans – Recent events have showed us that the lines between private and work life are blending, and plans need to reflect this. For example, do you have a procedure for responding to out of office” breaches? The key points in the plan should include: 1. Should your cyber security team have the authority to access personal devices for forensic investigations? 2. What is the role of law enforcement in your plan? 3. What are the expectations for employee(s) whose personal assets were used in a cyber attack? 4. How are employees supported pre/during/post incident? 5. How should employee direct media-related inquires? 6. Are employees legally liable or at risk of losing their jobs for vulnerabilities within their home network or personal devices? 7. What is the escalation protocol to notify stakeholders?
Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 4 Supply Chain Observations  Financial regulators leading the way – Regulators in the UK are leading the way in operational resilience by mandating that financial institutions who use vendors in the delivery of important business services should work effectively with those vendors to set and remain within impact tolerances. o Companies now must identify important business services including those that have the greatest detrimental impacts to customers and market integrity. o Vendors cannot have a one-size-fits-all approach. They will have to adapt their services to individual customer requirements and tolerances.  Global Logistical Delays – Globalization has created a complex web of dependencies affecting upstream and downstream delivery of goods and services. It has become increasingly obvious that many organizations can only identify their critical suppliers and lack the visibility and the tools to quickly identify, track and manage suppliers below the first level.  Suez Canal Tanker Blockage – When the Ever Given, a 220,000-ton ship, became lodged in the Suez Canal, it took only 24 hours for impacts to start rippling through the global supply chain and expose its fragility. By the time the ship was freed, an estimated 350 tankers were stuck on either side of the canal and delays averaging five to six weeks had become common. North American industries like home supply stores, medical equipment suppliers and grocery stores were impacted. Lesson 3: Supply Chain Recommendations  Cross-functional team assessment – Develop a risk-based assessment process to identify applicable risks that could impact your supplier arrangements. You also need to understand the risk these arrangements possess (i.e. concentration risk, reliance risk, business continuity risk). As part of the assessments, build relationships with your suppliers and always strive to assess their business continuity, disaster recovery and third-party management practices to ensure they meet your requirements.  Contingency plans – Be proactive and create contingency plans that can support you in the event of an unforeseen supplier incident, starting with the suppliers that have the greatest potential to impact your ability to operate.  Break down the silos – Business Continuity, Procurement, Risk and Technology should collaborate throughout the contract lifecycle. All groups understand different aspects of the risk and complexities of a supplier arrangement.  Actively monitor – Making technology investments today allows companies to better manage supply chain risk – giving them greater access to timely data, and transparency into their entire supplier network. If you cannot invest in technology, a more agile approach is to create a cross functional team who congregates during incidents or on a pre-defined basis to monitor the supplier environment.
Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 5 References • The future of business continuity and resiliency, BCI: Link • Pandemic response report, from the BCI: Link • 6 hidden costs of misinformation and disinformation in global security and business continuity, Factal Blog: Link • As of March 2020, 27.2% of companies do not have a BCP plan in place and 24% are currently in the midst of drafting one, Mercer: Link • 51% of companies around the world have no plans or protocols in place to combat a global emergency like COVID-19, Mercer: Link • Since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic on March 11, IBM X- Force has observed a more than 6,000 percent increase in COVID-19-related spam, IBM: link • IBM study: A vast majority of organizations […] are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise, IBM: Link • The popularity of crypto currency and ransomware-as-a-business model has made ransomware a lucrative choice for hackers. Global ransomware damage is predicted to reach $20 billion USD by 2021, Splunk: Link • Why toilet-paper demand spiked 845%, and how companies kept up with it, Business Insider: Link • Canadian Consumers Prepare for COVID-19, Statistics Canada: Link • The ship that blocked the Suez Canal may be free, but experts warn the supply chain impact could last months, CNBC: Link

Recommandé

Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Hewlett Packard Enterprise Business Value Exchange
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningCloudnition Web Development & Online Marketing
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Erik Ginalick
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Silvia Cardona
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 

Recommandé

Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Hewlett Packard Enterprise Business Value Exchange
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningCloudnition Web Development & Online Marketing
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Erik Ginalick
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Silvia Cardona
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David BustinDavid Bustin
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
VMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing MobilityVMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing MobilityVMware
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk ManagementDeepak Bansal, CPA CISSP
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-splitTutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-splitisabelmargarido
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationChris Ross
 
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...Cognizant
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usenrjstevens
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
From Chaos to Catalyst
From Chaos to CatalystFrom Chaos to Catalyst
From Chaos to CatalystCognizant
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
HP cyber risk report 2015
HP cyber risk report 2015HP cyber risk report 2015
HP cyber risk report 2015Simone Luca Giargia
 
Risk management and IT technologies
Risk management and IT technologiesRisk management and IT technologies
Risk management and IT technologiesHadi Fadlallah
 
Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16Emily Brady
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security InfographicBooz Allen Hamilton
 
BM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptxBM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptxShangaviS2
 
Leadership During Covid 19
Leadership During Covid 19Leadership During Covid 19
Leadership During Covid 19Manish Parsuramka
 

Contenu connexe

Tendances

Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David BustinDavid Bustin
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
VMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing MobilityVMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing MobilityVMware
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk ManagementDeepak Bansal, CPA CISSP
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-splitTutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-splitisabelmargarido
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationChris Ross
 
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...Cognizant
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usenrjstevens
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
From Chaos to Catalyst
From Chaos to CatalystFrom Chaos to Catalyst
From Chaos to CatalystCognizant
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Risk management and IT technologies
Risk management and IT technologiesRisk management and IT technologies
Risk management and IT technologiesHadi Fadlallah
 
Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16Emily Brady
 

Tendances (20)

Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David Bustin
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
VMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing MobilityVMware Emerging Strategies for Managing Mobility
VMware Emerging Strategies for Managing Mobility
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk Management
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011
 
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-splitTutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
Tutorial joaopascoalfaria-2confcmmiportugal-v1-3-split
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
 
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
Becoming a Software-Centric Business - Best Path Forward in an Uncertain Post...
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usen
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
From Chaos to Catalyst
From Chaos to CatalystFrom Chaos to Catalyst
From Chaos to Catalyst
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
HP cyber risk report 2015
HP cyber risk report 2015HP cyber risk report 2015
HP cyber risk report 2015
 
Risk management and IT technologies
Risk management and IT technologiesRisk management and IT technologies
Risk management and IT technologies
 
Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16Security results of_the_wqr_2015_16
Security results of_the_wqr_2015_16
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security Infographic
 

Similaire à Business Continuity Emerging Trends - DRIE Atlantic - Summary

BM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptxBM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptxShangaviS2
 
Digital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactDigital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactTata Consultancy Services
 
The Impacts of COVID-19 on Enterprise IT
The Impacts of COVID-19 on Enterprise ITThe Impacts of COVID-19 on Enterprise IT
The Impacts of COVID-19 on Enterprise ITInsight
 
COVID-19: The View From the C-Suite
COVID-19: The View From the C-SuiteCOVID-19: The View From the C-Suite
COVID-19: The View From the C-SuiteCognizant
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Belatrix Software
 
Impact of Covid-19 on Business and Workforce
Impact of Covid-19 on Business and WorkforceImpact of Covid-19 on Business and Workforce
Impact of Covid-19 on Business and WorkforceMarianne Harness
 
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptx
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptxEMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptx
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptxArunimaHazra2
 
Provide a MEMO.docx
Provide a MEMO.docxProvide a MEMO.docx
Provide a MEMO.docxwrite30
 
The top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowThe top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowDharmendra Rama
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docxmeghanivkwserie
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docxpriestmanmable
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfHumphrey Humphrey
 
Covid-19 AAA Crisis Rapid Response Support
Covid-19 AAA Crisis Rapid Response SupportCovid-19 AAA Crisis Rapid Response Support
Covid-19 AAA Crisis Rapid Response SupportGadlang ATH
 
Risk Management Following are the main risks that Itrustu In.pdf
Risk Management Following are the main risks that Itrustu In.pdfRisk Management Following are the main risks that Itrustu In.pdf
Risk Management Following are the main risks that Itrustu In.pdfadaacollections
 

Similaire à Business Continuity Emerging Trends - DRIE Atlantic - Summary (20)

BM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptxBM7215 - Assignment 1 - Draft.pptx
BM7215 - Assignment 1 - Draft.pptx
 
Leadership During Covid 19
Leadership During Covid 19Leadership During Covid 19
Leadership During Covid 19
 
Digital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactDigital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the Impact
 
The Impacts of COVID-19 on Enterprise IT
The Impacts of COVID-19 on Enterprise ITThe Impacts of COVID-19 on Enterprise IT
The Impacts of COVID-19 on Enterprise IT
 
BCI Counting The Cost
BCI Counting The CostBCI Counting The Cost
BCI Counting The Cost
 
COVID-19: The View From the C-Suite
COVID-19: The View From the C-SuiteCOVID-19: The View From the C-Suite
COVID-19: The View From the C-Suite
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19
 
Impact of Covid-19 on Business and Workforce
Impact of Covid-19 on Business and WorkforceImpact of Covid-19 on Business and Workforce
Impact of Covid-19 on Business and Workforce
 
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptx
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptxEMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptx
EMERGENCE OF NEW DIGITALIZATION TECHNIQUES IN ORGANISATIONS IN.pptx
 
Provide a MEMO.docx
Provide a MEMO.docxProvide a MEMO.docx
Provide a MEMO.docx
 
The top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowThe top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdow
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx
 
8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx8Network Security April 2020FEATUREAre your IT staf.docx
8Network Security April 2020FEATUREAre your IT staf.docx
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 
Covid-19 AAA Crisis Rapid Response Support
Covid-19 AAA Crisis Rapid Response SupportCovid-19 AAA Crisis Rapid Response Support
Covid-19 AAA Crisis Rapid Response Support
 
Risk Management Following are the main risks that Itrustu In.pdf
Risk Management Following are the main risks that Itrustu In.pdfRisk Management Following are the main risks that Itrustu In.pdf
Risk Management Following are the main risks that Itrustu In.pdf
 

Dernier

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...amilabibi1
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedDelhi Call girls
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Delhi Call girls
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Pooja Nehwal
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCamilleBoulbin1
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 

Dernier (20)

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 

Business Continuity Emerging Trends - DRIE Atlantic - Summary

  • 1. Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 1 Business Continuity Emerging Trends Absorbing & Adapting in a Changing Environment The information presented in the webinar is inspired by:  Industry white papers  News and published articles  Feedback and anecdotal evidence from industry professionals COVID-19 Global Pandemic Observations  Grey Swan – Unlike “black swan” events, i.e., those that are hard to predict and have very high impacts, it is now thought that the pandemic is a “grey swan”– an event that was possible and known, had potentially extremely significant impacts, but was considered unlikely to happen.  Risk not top of mind – The Business Continuity Institute (BCI) Horizon Scan Report from 2020 stated that non- occupational disease ranked 2nd from bottom of the list of future concerns for Resilience professionals. In 2019, PriceeaterhouseCoopers (PwC) published its global crisis survey stating that 95% of respondents believed a crisis was imminent in the next two years, but that list of crises did not list pandemics.  Plan or no plan? – Organizations that had a tested pandemic plan (documented strategy for how an organization plans to provide essential services when there is a widespread outbreak of an infectious disease), were able to respond more quickly and competently. Most plans created prior to the pandemic likely did not factor in global impact (i.e. supply chain issues, market impacts), lockdowns and quarantines, and the fact that return to normal was would be prolonged.  Communication overload – COVID-19 revealed many flaws in crisis communication processes within companies. Organizations and individuals were inundated with frequently changing fact-based information on the pandemic from official and unofficial sources. It was not uncommon for organizations to create their own criteria and dashboards to determine if operations should close or reopen. Organizations with the capacity to do so relied on their own monitoring capabilities to detect trends and provide counsel to senior management.  Home sweet home – COVID-19 forced companies to rapidly shift to work-from-home and other remote working strategies, something that was not culturally or widely accepted before. There were several logistical challenges including: a. Many had never tested their capabilities on a mass-scale or extended duration. b. Processes and communicating with internal/external stakeholders were not pre-planned. c. Technology teams rushed to rapidly deploy solutions (e.g. laptops) to support remote work stressing supply chains.  The BCM profession was sidelined at the onset of the pandemic but is now receiving increased attention and support – COVID-19 was officially declared a pandemic on March 11, 2020. However, by the end of January 2020, only 49.2% of Business Continuity professionals had been engaged in their organization’s response, primarily because Management teams were dealing with the strategic elements of the response before, they engaged operational teams.
  • 2. Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 2 Lesson 1: Pandemic Resiliency Recommendations Analyze  Time sensitive vs. essential: Map your time sensitive, critical and essential business activities and understand the dependencies that support you in the delivery of those services. The map should “link” dependencies to show how a single disruption can snowball into other business activities. Exercise:  Assumptions: Don’t just test the plan, but also test the assumptions going into the plan. What if a critical resource is unavailable? Or is competed for by another business unit?  Rehearse: Organizations who had recently rehearsed a pandemic plan were most prepared for COVID-19. Regular real-life tests and simulations are the only way to ensure your organization is ready.  Crisis communication: Put a crisis communications team in place and exercise them regularly. Communication with all stakeholders (internal and external) is a key success metric. Plan  Focus on impact-based planning, i.e., planning should not be too focused on specific risks, rather the plan must be adapted to cope with the unexpected (including incidents that take longer to fully materialize).  Update your planning documents: The Business Impact Assessment (BIA) and Business Continuity Planning (BCP) will require a review as the dependencies you relied upon may have changed (e.g. primary sites are unavailable and most employees are already working from home). Additionally, most BCP’s will require a review of standing down procedures or return to “new normal”.  Alternate sites: Consider how you will respond to future disruptions affecting your employees and alternate workplaces. Do you understand who is dependent on primary or secondary work sites to work and why? What happens if regional employees are affected by a telecommunications or power outage, how will you shift work then? How will you exercise alternate working capabilities in a remote work scenario? How will you exercise with other suppliers or agencies?  Leadership engagement: Make the most use of senior leadership attention while you have it. The pandemic has raised the profile of Business Continuity and organizational Resilience disciplines and demonstrated the valuable role of Business Continuity within organizations. When strategic decisions needed to be made at the onset of the pandemic, did your senior leadership understand the connection between business continuity and a crisis? Were they aware if their organization has an effective pandemic plan? Involve Leadership early and emphasize what is most critical to the enterprise will be a driving factor for business continuity at the table. Cyber Security Observations  Cyber criminals exploiting the pandemic – Cyber attacks modernized and intensified with examples of virus- themed sales of malware, a dramatic increase in the creation of malicious COVID-19 related sites and an increase in phishing scams.  Lack of incident response plans – Organizations that went into response mode (not necessarily informed by tested/validated capabilities) during the pandemic, afforded hackers the ability to exploit vulnerabilities. For example, home offices are not as protected as the fortified office sites that have more secure firewalls, routers, and access management run by their cyber security teams.
  • 3. Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 3  Fast tracking Digital Solutions – To continue servicing internal and external stakeholders in the “new normal” companies have had to innovate very quickly. A new survey from McKinsey finds that responses to COVID-19 have speeded the adoption of digital technologies by up to seven years. Threat actors also changed their tactics however and took advantage of this period of change to attack across all sectors.”  Ransomware is the cyber weapon of choice –The popularity of crypto currency has made ransomware a lucrative choice for hackers.  Big game hunting – Critical infrastructure, government services such as health and labor, and large organizations are increasingly being targeted by cyber attacks. These attacks have evolved in sophistication because they are being perpetrated not only by the criminal element, but also by nation states actors and for-profit hackers peddling their tools on the dark web. Now you don’t need technical expertise to launch cyber attacks, you can simply “hire a hacker” and split the profits. Lesson 2: Cyber Security Recommendations  Data classification & privacy controls – You need to understand what different types of data exist within your organization. Top 3 questions to ask are: 1. Who can access this data? 2. How is the access recorded? 3. Is the data shareable with others?  Targets, Tactics and Techniques are frequently changing – Hackers and malicious software are finding new ways to compromise –therefore we must implement strong mitigation strategies to counteract this. Short and long- term wins include: 1. Investing in continuous monitoring of systems, especially those that allow access into the corporate network. 2. Subscribing to cyber security reports. 3. Following best practices. 4. Performing frequent software updates. 5. Training your front line - Employees should receive up-to-date and relevant training on vulnerabilities when working remotely to ensure they and the data they work with is protected from unauthorized use and access.  Updated cyber incident response plans – Recent events have showed us that the lines between private and work life are blending, and plans need to reflect this. For example, do you have a procedure for responding to out of office” breaches? The key points in the plan should include: 1. Should your cyber security team have the authority to access personal devices for forensic investigations? 2. What is the role of law enforcement in your plan? 3. What are the expectations for employee(s) whose personal assets were used in a cyber attack? 4. How are employees supported pre/during/post incident? 5. How should employee direct media-related inquires? 6. Are employees legally liable or at risk of losing their jobs for vulnerabilities within their home network or personal devices? 7. What is the escalation protocol to notify stakeholders?
  • 4. Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 4 Supply Chain Observations  Financial regulators leading the way – Regulators in the UK are leading the way in operational resilience by mandating that financial institutions who use vendors in the delivery of important business services should work effectively with those vendors to set and remain within impact tolerances. o Companies now must identify important business services including those that have the greatest detrimental impacts to customers and market integrity. o Vendors cannot have a one-size-fits-all approach. They will have to adapt their services to individual customer requirements and tolerances.  Global Logistical Delays – Globalization has created a complex web of dependencies affecting upstream and downstream delivery of goods and services. It has become increasingly obvious that many organizations can only identify their critical suppliers and lack the visibility and the tools to quickly identify, track and manage suppliers below the first level.  Suez Canal Tanker Blockage – When the Ever Given, a 220,000-ton ship, became lodged in the Suez Canal, it took only 24 hours for impacts to start rippling through the global supply chain and expose its fragility. By the time the ship was freed, an estimated 350 tankers were stuck on either side of the canal and delays averaging five to six weeks had become common. North American industries like home supply stores, medical equipment suppliers and grocery stores were impacted. Lesson 3: Supply Chain Recommendations  Cross-functional team assessment – Develop a risk-based assessment process to identify applicable risks that could impact your supplier arrangements. You also need to understand the risk these arrangements possess (i.e. concentration risk, reliance risk, business continuity risk). As part of the assessments, build relationships with your suppliers and always strive to assess their business continuity, disaster recovery and third-party management practices to ensure they meet your requirements.  Contingency plans – Be proactive and create contingency plans that can support you in the event of an unforeseen supplier incident, starting with the suppliers that have the greatest potential to impact your ability to operate.  Break down the silos – Business Continuity, Procurement, Risk and Technology should collaborate throughout the contract lifecycle. All groups understand different aspects of the risk and complexities of a supplier arrangement.  Actively monitor – Making technology investments today allows companies to better manage supply chain risk – giving them greater access to timely data, and transparency into their entire supplier network. If you cannot invest in technology, a more agile approach is to create a cross functional team who congregates during incidents or on a pre-defined basis to monitor the supplier environment.
  • 5. Atlantic BCAW 2021, Webinar Summary Sheet Join DRIE Atlantic! To register, please email drieatlc@gmail.com or like us on Facebook @drieatlc and LinkedIn linkedin.com/DRIEATLC 5 References • The future of business continuity and resiliency, BCI: Link • Pandemic response report, from the BCI: Link • 6 hidden costs of misinformation and disinformation in global security and business continuity, Factal Blog: Link • As of March 2020, 27.2% of companies do not have a BCP plan in place and 24% are currently in the midst of drafting one, Mercer: Link • 51% of companies around the world have no plans or protocols in place to combat a global emergency like COVID-19, Mercer: Link • Since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic on March 11, IBM X- Force has observed a more than 6,000 percent increase in COVID-19-related spam, IBM: link • IBM study: A vast majority of organizations […] are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise, IBM: Link • The popularity of crypto currency and ransomware-as-a-business model has made ransomware a lucrative choice for hackers. Global ransomware damage is predicted to reach $20 billion USD by 2021, Splunk: Link • Why toilet-paper demand spiked 845%, and how companies kept up with it, Business Insider: Link • Canadian Consumers Prepare for COVID-19, Statistics Canada: Link • The ship that blocked the Suez Canal may be free, but experts warn the supply chain impact could last months, CNBC: Link