SecureTech: Risk, Business Continuity and Cybersecurity - A Resiliency Perspective
© 2014 IBM Corporation
Critical Infrastructure: Risk, Business Continuity and Cybersecurity - a Resiliency Point of View
Paige Poore
Director of IBM Global Business Continuity, Resiliency Services
Critical Infrastructure panel at Securetech 2014
Focus:
1. Resilience and Risk – lessons learned. Take traditional business continuity to the next level.
2. Cybersecurity - the problem that won't go away. What do risk and continuity professionals need to know?
3. How ready are you? Actions you can take - collaborative actions in managing risks when disruptions occur
Align for Advantage
Scanning the Horizon
New Strategic Risks
Enhancing existing approaches
Are you ready for what’s ahead?
New business realities are changing how we approach business continuity
Consider new risks on your horizon
• ISO 22301
• Mergers & acquisitions
• Changing workplace demographics
• Social media
• Expansion into new markets
• Elevated risk awareness
• Integration and consolidation of operations
Reputation risk is driving increased focus
Source: The economics of IT risk and reputation: What business continuity and IT security really mean to your organization. Findings from the 2013 Ponemon Institute study sponsored by IBM
Leaders increasingly aware of economic and reputational impact of disruptions
Vision Critical: Risk of Data Insecurity
Angus Reid survey through Vision Critical, sponsored by IBM Canada. Soon to be published!
Angus Reid, through Vision Critical, recently conducted a survey to evaluate Canadian (average user) awareness of IT security and availability issues.
1. 50% of Canadians would likely or very likely get involved with an organization if they took extra steps to protect customer information.
2. 83%+ of Canadians would likely or very likely switch organizations if they felt their personal information was not being adequately protected or if the organization experienced a major breach.
Reputation Risk:
Private talks with their wallets
Public talks with their votes
Resilience and Risk - take the traditional business continuity approach to the next level
It’s a journey… Focus on these key drivers
• STRATEGIC
  • Risk based, prioritize, top 5-10%
  • Prioritize for investment tradeoff decisions
• HOLISTIC, 360 degree view
  • Look past the silos!
• SIMPLE. Consistent
  • Consistent, Shared Terminology
  • Impact based planning
  • ISO 22301 – use it as your Rosetta-stone
  • Joint testing and collaboration – it’s the simple things that can trip you up!
Event crisis response through return to normal – is collaboratively managed with defined declaration, communication and notification protocols
Incident occurs
#1 Emergency Response
Priority: protect people and property; assemble key personnel (Emergency Plan)
#2 Crisis Management
Assess, act and recover physical services; communicate throughout the event
#3 Business Continuity
Maintain or resume critical business processes by enacting appropriate business continuity and / or IT Disaster Recovery Plan
1. Business Continuity Plan (Business Recovery)
2. IT Disaster Recovery Plan (Technology Recovery)
Return to Business as Usual
Business Continuity management is about keeping the business running after health and safety issues have been addressed
People, IT, Site, Plan
Resiliency & Risk for Critical Infrastructure - Technology Trends
Anything that is connected to the Internet can be hacked.
Everything is being connected to the Internet.
Cloud Based Computing
Things, in the IoT, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, automobiles with built-in sensors, or field operation devices that assist fire-fighters in search and rescue.[3] Current market examples include smart thermostat systems and washer/dryers that utilize Wi-Fi for remote monitoring.
Monitoring and controlling operations of urban and rural infrastructures like bridges, railway tracks, on- and offshore wind-farms is a key application of the IoT.
Source: https://ibm.biz/BdEqrX
$8.98
Are you ready for an always-on world? The next era of
business continuity:
Cybersecurity – The problem that isn’t going away
* >$213 Average cost per compromised record globally, per 2014 Cost of Data Breach Study
Economic impact – 3 key factors
Note: Graphical Views are US averages (vs. global)
Economic impact of critical infrastructure disruptions - How much it will impact you is dependent on a number of factors
Looking forward – Economic Impact, Trends & Probability
2006 to 2014 – Trends, Components of cost
Looking forward - Economic Impact, Trends & Probability
Likelihood in next 24 months
How do you measure up?
Focus:
1. Resilience and Risk – lessons learned. Take traditional business continuity to the next level.
2. Cybersecurity - the problem that won't go away. What do risk and continuity professionals need to know?
3. How ready are you? Actions you can take - collaborative actions in managing risks when disruptions occur
Align for Advantage
Actions you can take
Collaborative action in managing risks when disruptions occur
Business continuity and cyber security can work in tandem to limit damage
1. Business continuity helps reduce cost of data breach
$145
$136
Average of $9
Because data breaches often affect thousands of records, the savings can be significant.
2. Organizations are about 5% less likely to suffer a data breach when they involve business continuity in a cyber incident
3. However, that involvement occurs too infrequently – 55% of the organizations studied said that business continuity management is either not involved or only informally involved in data breach
Collaboration - How to involve business continuity with cyber security
• Establish cross-representation
• Conduct joint recovery testing
• Leverage crisis management for coordination
• Speak language the business understands – economic impact
Align for Advantage
Use the 2014 Cost of Data Breach Study to begin building a persuasive business case
Thank you
Paige Poore
Director of IBM Global Business Continuity
linkedin.com paige poore
twitter.com/poore27
For more information…
IBM’s internal implementation of Global Business Continuity Management - Read the IBM Thought Leadership White Paper “How IBM is enhancing BCM to help address changing business realities - A more business-centric approach to help reduce business continuity risk”.
Download a copy of the paper here: http://ibm.co/1hIruml
2014 Cost of Data Breach Study: Global Analysis: Read the global analysis for a worldwide view plus new data on security threats and the role of business continuity management
Download a copy of the paper here: http://ibm.co/1g6STe6