Cyber Security and BIA – Preparation is the Key!

As part of the overall Disaster Recovery (DR) and Business Continuity Plan (BCP), organizations must look into certain time-sensitive factors and therefore put into practice a thorough business impact analysis. When implemented properly, this contributes to the overall success of an organization's cyber security strategy.

As discussed previously, Business Impact Analysis helps a company decide exactly what needs to be recovered and in what amount of time. There are two types of analysis that business planners take into consideration:

Quantitative Decision Making: This involves the use of numbers and formulas to make a decision. As a result, the data is often expressed in terms of dollar value for the business.

Qualitative Decision Making: This type of decision making takes into account non-numerical factors such as emotions, investor/customer confidence and stability, among other concerns.

The cyber security team in charge of BCP needs to assess all of the organization's assets and then assign an asset value (AV) in monetary terms to each asset. The second quantitative measure that the team must look into is the maximum tolerable downtime (MTD), also known as maximum tolerable outage (MTO). In a nutshell, the MTD is the maximum length of time an organization function can be inoperable without causing irreparable harm to the business. Overall, MTD provides crucial information when an organization is performing both BCP and DR planning. The Recovery Time Objective (RTO) should also be considered for each organization function. This is the amount of time in which you think the organization can easily function in the event of a disruption. Furthermore, the Recovery Point Objective (RPO) also needs to be taken into account; it tells the planner the point in time up to which data needs to be recovered.

Overall, the goal of the BCP process is to ensure that a business's RTOs are less than its MTDs, so that a business function is never unavailable beyond the maximum tolerable downtime. Man-made and natural risks also need to be identified. Besides the loss in monetary terms, other qualitative points of view need to be considered, such as:

1.) Loss of trust among your client base

2.) Loss of employees to other jobs after lengthy downtime

3.) Social and Ethical responsibilities to the community

4.) Getting negative publicity
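As an added illustration (not part of the original post), the Python script below checks a BIA register against the rule above that each function's RTO must be less than its MTD, and lists the functions in recovery order. The register contents, column names and the ordering rule (shortest MTD first, higher asset value breaking ties) are assumptions made for the example.

```python
import csv
import io

# Constructed sample BIA register (not from the original post). Columns:
# function name, asset value in dollars (AV), and MTD / RTO / RPO in hours.
SAMPLE_REGISTER = """function,av_usd,mtd_h,rto_h,rpo_h
Online order processing,2500000,4,2,1
Payroll,400000,72,96,24
Customer support desk,150000,24,24,8
Email,90000,8,6,4
"""

NUMERIC_FIELDS = ("av_usd", "mtd_h", "rto_h", "rpo_h")

def load_register(text):
    """Parse the CSV register into dicts with numeric fields as floats."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in NUMERIC_FIELDS:
            row[key] = float(row[key])
        rows.append(row)
    return rows

def rto_violations(rows):
    """Names of functions whose RTO is not strictly less than their MTD."""
    return [r["function"] for r in rows if r["rto_h"] >= r["mtd_h"]]

def recovery_order(rows):
    """Assumed priority rule: shortest MTD first, higher AV breaks ties."""
    ranked = sorted(rows, key=lambda r: (r["mtd_h"], -r["av_usd"]))
    return [r["function"] for r in ranked]

def report(text):
    """One summary line per function, in recovery order."""
    rows = {r["function"]: r for r in load_register(text)}
    bad = set(rto_violations(rows.values()))
    lines = []
    for name in recovery_order(rows.values()):
        r = rows[name]
        status = "RTO >= MTD, replan" if name in bad else "ok"
        lines.append(f"{name}: MTD {r['mtd_h']:g}h, RTO {r['rto_h']:g}h, "
                     f"RPO {r['rpo_h']:g}h, AV ${r['av_usd']:,.0f} [{status}]")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REGISTER)))
```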

In conclusion, BIA can prove invaluable to the overall success of the organization. As a result, it can save an organization thousands and even millions of dollars when done properly. The security consultants at Silex Systems can guide an organization to meet its BIA and cyber security needs.

Business Impact Analysis (BIA) as part of your Cyber Security Plan

In one of my previous posts, I wrote about Disaster Recovery and Business Continuity and the steps individuals as well as organizations can take to overcome, not to mention reduce, today's cleverly disguised cyber attacks.

Business Impact Analysis (BIA) should be a key part of the overall cyber security plan for any organization. Basically, BIA helps a company decide what needs to be recovered and in what amount of time. As part of BIA, an organization needs to identify mission critical functions and make sure they are prioritized.

All the critical functions of the organization need to be examined thoroughly to see how long the company can function without them before this causes significant financial losses, unhappy customers, substantial penalties or fines from regulators and possibly lawsuits!

Furthermore, the organization needs to decide what its key functions are, and the technology associated with them needs to be classified based on recovery priority. Another crucial point to keep in mind is that the recovery time frame is based on the results of not performing the function.

The planner who is part of the Business Impact Analysis team needs to classify the low, medium and high impact areas as well as the time it takes before the impact is noticed.

The fact of the matter is that today's organizations cannot function without data. The BIA team must take into account all kinds of data associated with the organization. This is also where Recovery Time Objective (RTO), Mean Time Between Failures (MTBF), Maximum Tolerable Downtime (MTD) and Recovery Point Objective (RPO) come into consideration. Stay tuned, as these will be discussed in future posts. As always, you may also call the security consultants at Silex Systems for further information.

Cyber Security – Mitigating Risks

To see how serious cyber threats have become, all we have to do is look at the timeline of the series of attacks that have taken place around the globe over the past 5 years. Computer viruses, along with malware and hacking attacks, have become more complex and difficult to anticipate.

The numbers are staggering. The number of reported incidents has skyrocketed from around 5,500 in 2006 to over 48,500 in 2012, according to US-CERT.

So what can organizations do to better safeguard their networks? As emerging technologies such as cloud computing, mobile and big data become more widespread, it is imperative for organizations both small and large to formulate a strategy to minimize the risks of such attacks. Here are some guidelines:

1.) They can start by collaborating and developing secure information sharing.

2.) They need to implement real-time awareness to determine different types of threat levels and risks.

3.) Within the organization, they need to define clear usage policies for data access and ownership.

4.) More often than not, they need to review as well as test systems to assess vulnerabilities.

5.) Organizations also need to train their staff to understand compliance requirements to keep systems secure.

According to the Ponemon Institute's 2013 Cost of Cyber Crime study, on average a company in the US experiences more than 100 successful cyber attacks each year at a cost of $11.6 million. That's an increase of 26% from 2012.

The good news is that the study further showed that companies that implemented and enabled security technologies reduced losses by nearly $4 million. Furthermore, companies that practiced good security governance reduced costs by an average of $1.5 million.

The security professionals at Silex Systems can help your company plan a strategy to safeguard its data assets against cyber threats. We at Silex Systems can provide a total turnkey solution based on both the latest hardware and software. Call us today and sleep stress-free tonight!

IoT – Connected Devices and Security

At this point, one can only imagine what life would be like with self-driving (autonomous) cars on streets everywhere. Let's not forget all the devices, including home appliances and electronic items, connected via the internet and passing information to one another. Together known as the Internet of Things (IoT), all these connected devices are supposed to make our lives more efficient and automated while being more economical.

But with the added benefits of automated homes and offices comes the downside of these devices getting hacked and bringing down the rest of the network with them. Cyber security companies are rushing to bring products and services to market to address these vulnerabilities. Even the IoT device manufacturers send out patches for protection, but very few folks actually apply them. There has to be a better way, a standard that can protect these IoT devices from external threats.

The fact of the matter is that most manufacturers of these IoT devices intentionally allow remote access for patching, administration, upgrades and bug fixing, to name a few. Most users of these devices, on the other hand, do not know about these backdoor vulnerabilities.

The manufacturers of these devices, along with security companies, are trying to find different ways to better protect as well as update these devices. Firewalls are not just for offices anymore. As more and more appliances at home, such as our CCTV cameras, TV sets, washing machines and refrigerators, get connected to the World Wide Web and become available "online" in addition to laptops, iPads and smartphones, placing SOHO (small office/home office) firewalls would be a good start to guard against these ever-evolving cyber threats. Talk to the professionals at Silex Systems to get a free assessment of your home and office networks against cyber threats today.

Cyber Security – Time to Act Is Now!

Just stop what you are doing and think for a second. Security is defined as the state of being free from danger or threat. In a similar manner, having a well thought out cyber security strategy gives a person, or an organization for that matter, the confidence to conduct tasks and the edge to succeed in a fast-changing global environment.

Today's organizations, no matter what size, require a proactive approach in "real time" to constantly assess, analyze and fight the new cyber threats emerging every day. Gone are the days when organizations would wait for threats to appear and then take appropriate action based on them. World-class cyber security companies, in partnership with local governments, have set up cyber threat monitoring centers that are constantly scanning web traffic. As a result, organizations are better prepared for cyber threats even before they are struck.

Due to the spike in cyber threats in recent years, whether related to computer and/or network intrusion, ransomware, corporate security breaches, spear phishing or social media fraud, former President of the United States Barack Obama issued Executive Order 13636, "Improving Critical Infrastructure Cyber Security", in February 2013. This Executive Order established United States policy to further improve its critical infrastructure and to maintain a cyber environment that promotes creativity, efficiency and economic well-being while at the same time assisting safety, security, business confidentiality, privacy and civil liberties.

As more and more devices are connected online and vast amounts of data, both confidential and otherwise, are moved to the cloud, it is imperative for organizations as well as individuals to start re-assessing the cyber security infrastructure they have in place. As cyber security professionals who have dealt with such threats for the last 20 years, the team here at Silex Systems can provide you and your organization with customized hardware and software based solutions to meet every budget.