For this week’s “In the News”, research a recent article that relates how an organization benefited from its business continuity program or suffered due to the lack of an adequate program. What are the key lessons learned from the article?
Comments
Kelly Sharadin says
In our newly remote world, many organizations rely on Microsoft 365 (M365) business productivity SaaS to conduct their operations. This past week M365 customers experienced a worldwide infrastructure outage in multiple regions including EMEA (Europe, the Middle East, and Africa), North America, and the Asia-Pacific regions. The outage impacted such services as Microsoft Teams, Exchange Online, SharePoint Online and even the Graph API (I can only imagine the impact on SIEMs ingesting MSFT data via the Graph API). Consumers were wildly disappointed with Microsoft’s ability to communicate timely status updates regarding remediation and root causes of the outage. After 16 hours, Microsoft restored operations and notified customers of the infrastructure power outage that impacted M365 traffic management. This incident underscores the importance of integrating customer communications as part of a BCP/DR plan, especially if your business is responsible for providing services that require high availability. Furthermore, for customers of business productivity SaaS it would be wise to factor in such outages for their own BCP/DR plans to prevent over-reliability on such products.
https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/
Anthony Wong says
In November 2021, the Australian Securities Exchange (ASX) experienced a “software” issue that affected the ability of users to trade, leading to a pause in trading. The Australian Securities and Investments Commission (ASIC) performed an investigation of the incident and determined that ASX did not have a comprehensive test strategy, which could have reduced the likelihood of this event. ASIC set expectations for business continuity and disaster recovery, such as simulated tests of a market outage and a full test of the disaster recovery plan. Additionally, ASIC expects automated tools and processes to identify issues in real time. Due to the lack of testing of the business continuity and disaster recovery plan, the ASX had to pause all trades because of software issues that could have been proactively identified.
https://www.zdnet.com/article/asic-wants-industry-to-simulate-outages-and-recovery-strategies-to-improve-resilience/
Kyuande Johnson says
Lincoln College, a private, predominantly Black university in Illinois that has been around for 157 years, closed permanently, citing cyberattacks and the pandemic as reasons. The school had record enrollment in 2019, but the pandemic impacted campus life and limited the school’s ability to raise money. Then, in December, a ransomware attack “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of fall 2022 enrollment projections.” The systems required for recruitment, retention, and fundraising efforts were inoperable after the attack, and while the school paid the hackers a ransom fee, the system didn’t completely come back online until March of this year. By then it was too late. Significant enrollment shortfalls put the school in a hole it couldn’t get out of. The key lesson learned from this attack is to always have a disaster recovery plan in place. If the school had a backup or snapshot of critical systems, the ransomware attack would not have caused this much damage. This would’ve saved the school money because they would not be required to pay the ransom and, most importantly, there wouldn’t have been a significant amount of critical system downtime.
https://www.fastcompany.com/90764018/ransomware-attacks-cost-schools-universities-3-5-billion
Kelly Sharadin says
Hi Kyuande,
I remember this article when it came out, so upsetting, and it demonstrates the full scale of destruction ransomware can cause organizations. In some of the tabletop exercises focused on ransomware I’ve been a part of, one of the questions we’ve asked clients is whether they will pay the ransomware as part of their recovery efforts to restore operations. The US government takes a stance that businesses should not pay the ransomware, but I understand the pressure victim organizations must feel. I agree with you: had the school implemented a robust backup plan, they wouldn’t have been rendered so vulnerable.
https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf
Kelly
Vraj Patel says
ARcare is a healthcare provider that has facilities in Arkansas, Kentucky, and Mississippi. ARcare has recently admitted that they had a data breach which has resulted in compromising 345,000 people’s information. Based on the investigation that was being performed by ARcare, the attacker was within the network for over five weeks. The potential data that was being compromised based on the article were: “Names, Social Security numbers, drivers’ license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information”. Upon identifying the incident, ARcare has notified the appropriate individuals of the data breach and has updated its policies and procedures to protect its data. As part of the lessons learned after the incident, ARcare has identified the gaps within their security and has put in proper security measures to remediate those risks.
References:
https://portswigger.net/daily-swig/data-breach-at-us-healthcare-provider-arcare-impacts-345-000-individuals
Shubham Patil says
Kronos revealed that it had been the victim of a ransomware attack, leading to its customers’ payroll systems being taken down and employee data compromised. Kronos’ Business Continuity Plans Were Insufficient. Kronos might have been able to avoid this PR nightmare if it had heeded the warnings of its customers and taken steps to secure its systems. Disaster recovery plans are vital for any organization, no matter how big or small. But it seems that Kronos did not have a plan for this data breach. It is still unclear exactly how much data was stolen and what the hackers now have access to. The data breach at Kronos is a reminder that no organization is safe from cyberattacks. It also highlights the importance of having a robust disaster recovery plan in place.
Link: https://www.digitaljournal.com/pr/kronos-workforce-ransomware-attack-is-a-teachable-moment
Mohammed Syed says
Every organization should have a proper Business Continuity Plan for critical situations, which can occur at any unexpected time and disrupt business continuity, revenue, goodwill, and more. An organization should always have a BCP, risk assessment, business impact analysis and recovery plan, mitigation plan, prevention techniques, the best data backup systems, more innovative and advanced technology solutions to face any threat, and an intelligent recovery plan for any situation without affecting business continuity.
https://invenioit.com/continuity/4-real-life-business-continuity-examples/
Mitchell Dulaney says
“Ransomware post-mortem: Ireland HSE cyberattack, recovery dogged by missteps”
Ireland’s public healthcare provider network, the Health Service Executive (HSE), suffered from a widespread ransomware attack in May 2021. While initial costs were estimated at $600 million ($120 million of which went toward initial recovery, replacing affected systems, and payments for third-party support providers), it is likely that the actual long-term costs of the attack go well beyond that estimate. The internal information security and IT departments were woefully unprepared to respond in this situation. They were unable to prioritize high-importance recovery responses or tasks, and they failed to maintain a prepared list of critical systems and applications that should be prioritized during recovery efforts in such a widespread cyber attack. As a result, they required assistance from multiple government groups and third-party contractors. Even with that assistance, they were only able to recover their systems and applications after the threat actors voluntarily (without the ransom being paid) published a decryption key that allowed the HSE to decrypt the ransomed files. The authors of a post-mortem report by PricewaterhouseCoopers noted that “it is highly likely that segments of data for backup would have remained encrypted, resulting in significant data loss” because the HSE’s infrastructure was “only periodically backed up to offline tape”. This irregular and uncomprehensive backup procedure reflects another failure in the organization’s business continuity planning. Overall, the recovery took almost five months, an intolerable length of time for a healthcare system.
https://www.scmagazine.com/analysis/ransomware/ransomware-post-mortem-ireland-hse-cyberattack-recovery-dogged-by-missteps
Antonio Cozza says
Recently there has been a cyberattack that has heavily impacted availability of systems at Wiltshire Farm Foods and is, while not yet disclosed, likely to be the result of a crippling ransomware attack according to cyber researchers. The article does not explicitly discuss the BCP, but it is quite apparent that it did not have a tested and executable one, as ransomware, while being utilized heavily around the world, is in most cases not a very complicated attack, and simple business continuity plans and restoration strategies can mitigate it today. It is clear that a lacking BCP is part of the issue, as the company’s systems are rendered useless for an extended period of time, signaling a lack of tested backups or readiness for this type of common event in the cyber threatscape today.
https://www.infosecurity-magazine.com/news/ransomware-wiltshire-farm-foods/