Chapter 13 Business Continuity Management and Cybersecurity
Marsh Sek Seong Lim, Marsh Risk Consulting Business Continuity Leader for Asia, Singapore
The business continuity manager, Loretta, spoke solemnly to CEO Tom. “All our information and communications systems and services are under cyber attack. All our data and information files are locked by ransomware.”
Tom replied curtly, “But how can this cyber disaster occur? I was given assurances by the internal and external IT experts that our setup is extremely resilient, with the latest state-of-the-art cybersecurity protection and detection systems and services?”
Nathan, the chief risk officer interjected, “The organization took a prudent approach to implement an IT disaster recovery center (DRC), housing all critical servers and databases; including two or more data feeds to ensure critical data are regularly replicated to the DRC.”
Loretta chimed in, “Unfortunately, this allowed the attack and ransomware to infect the DRC systems and databases. We do not have an independent IT disaster recovery set up and no secondary back up storage media. The decision was made on the advice that the risk of such a scenario is very low. Our business continuity, crisis management, and communications plans—developed to enable us to recover at an alternate site when the primary site and data center activities are disrupted for a significant period—do not provide the processes and procedures to deal with this cyber disaster.”
Good International ...
Get The Cyber Risk Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.