SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Page 1: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

© 2014 IBM Corporation

Critical Infrastructure: Risk, Business Continuity and Cybersecurity - a Resiliency Point of View

Paige Poore

Director of IBM Global Business Continuity, Resiliency Services

Page 2: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Critical Infrastructure panel at Securetech 2014

Focus:

1. Resilience and Risk – lessons learned. Take traditional business continuity to the next level.

2. Cybersecurity - the problem that won't go away. What do risk and continuity professionals need to know?

3. How ready are you? Actions you can take - collaborative actions in managing risks when disruptions occur

Align for Advantage

Page 3: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Scanning the Horizon

New Strategic Risks

Enhancing existing approaches

Are you ready for what’s ahead?

Page 4: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

New business realities are changing how we approach business continuity

ISO 22301

Mergers & acquisitions

Changing workplace demographics

Social media

Expansion into new markets

Elevated risk awareness

Integration and consolidation of operations

Consider new risks on your horizon

Page 5: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Reputation risk is driving increased focus

Source: The economics of IT risk and reputation: What business continuity and IT security really mean to your organization. Findings from the 2013 Ponemon Institute study sponsored by IBM

Leaders increasingly aware of economic and reputational impact of disruptions

Page 6: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Vision Critical: Risk of Data Insecurity

Angus Reid survey thru Vision Critical

Sponsored by IBM Canada

Soon to be published!

Angus Reid, thru Vision Critical, recently conducted a survey to evaluate Canadian (average user) awareness of IT security and availability issues.

1. 50% of Canadians would likely or very likely get involved with an organization if they took extra steps to protect customer information.

2. 83%+ of Canadians would likely or very likely switch organizations if they felt their personal information was not being adequately protected or if the organization experienced a major breach.

Reputation Risk:

Private talks with their wallets

Public talks with their votes

Page 7: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Resilience and Risk - take the traditional business continuity approach to the next level

It’s a journey… Focus on these key drivers

• STRATEGIC

• Risk based, prioritize, top 5-10%

• Prioritize for investment tradeoff decisions

• HOLISTIC, 360 degree view

• Look past the silos!

• SIMPLE. Consistent

• Consistent, Shared Terminology

• Impact based planning

• ISO 22301 – use it as your Rosetta-stone

• Joint testing and collaboration – it’s the simple things that can trip you up!

Page 8: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Event crisis response through return to normal – is collaboratively managed with defined declaration, communication and notification protocols

Incident occurs

#1 Emergency Response

Priority: protect people and property; assemble key personnel (Emergency Plan)

#2 Crisis Management

Assess, act and recover physical services; communicate throughout the event

#3 Business Continuity

Maintain or resume critical business processes by enacting appropriate business continuity and / or IT Disaster Recovery Plan

1. Business Continuity Plan (Business Recovery)

2. IT Disaster Recovery Plan (Technology Recovery)

Return to Business as Usual

Business Continuity management is about keeping the business running after health and safety issues have been addressed

People

IT Site

Plan

Page 9: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Resiliency & Risk for Critical Infrastructure - Technology Trends

Anything that is connected to the Internet can be hacked.

Everything is being connected to the Internet

Cloud Based Computing

Things, in the IoT, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, automobiles with built-in sensors, or field operation devices that assist fire-fighters in search and rescue. Current market examples include smart thermostat systems and washer/dryers that utilize wifi for remote monitoring.

Monitoring and controlling operations of urban and rural infrastructures like bridges, railway tracks, on- and offshore wind-farms is a key application of the IoT.

Source: https://ibm.biz/BdEqrX

Page 10: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

$8.98

Are you ready for an always-on world? The next era of business continuity:

Page 11: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Cybersecurity – The problem that isn’t going away

* >$213 Average cost per compromised record globally, per 2014 Cost of Data Breach Study

Page 12: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Economic impact – 3 key factors

Note: Graphical Views are US averages (vs. global)

Economic impact of critical infrastructure disruptions - How much it will impact you is dependent on a number of factors

Page 13: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Looking forward – Economic Impact, Trends & Probability

2006 to 2014 – Trends, Components of cost

Page 14: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Looking forward - Economic Impact, Trends & Probability

Within Next 24 Months

Likelihood in next 24 months

Page 15: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

How do you measure up?

Page 16: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Focus:

1. Resilience and Risk – lessons learned. Take traditional business continuity to the next level.

2. Cybersecurity - the problem that won't go away. What do risk and continuity professionals need to know?

3. How ready are you? Actions you can take - collaborative actions in managing risks when disruptions occur

Align for Advantage

Page 17: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Actions you can take

Collaborative action in managing risks when disruptions occur

Page 18: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Business continuity and cyber security can work in tandem to limit damage

1. Business continuity helps reduce cost of data breach

$145

$136

Average of $9

Because data breaches often affect thousands of records, the savings can be significant.

2. Organizations are about 5% less likely to suffer a data breach when they involve business continuity in a cyberincident

5% Less Likely

3. However, that involvement occurs too infrequently – 55% of the organizations studied said that business continuity management is either not involved or only informally involved in data breach

Page 19: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Collaboration - How to involve business continuity with cyber security

Establish cross-representation

Conduct joint recovery testing

Leverage crisis management for coordination

Speak language the business understands – economic impact

Align for Advantage

Use the 2014 Cost of Data Breach Study to begin building a persuasive business case

Page 20: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Thank you

Paige Poore

Director of IBM Global Business Continuity

linkedin.com paige poore

twitter.com/poore27

Page 21: SecureTech 2014:  Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

For more information…

IBM’s internal implementation of Global Business Continuity Management - Read the IBM Thought Leadership White Paper - “How IBM is enhancing BCM to help address changing business realities - A more business-centric approach to help reduce business continuity risk”.

Download a copy of the paper here: http://ibm.co/1hIruml

2014 Cost of Data Breach Study: Global Analysis: Read the global analysis for a worldwide view plus new data on security threats and the role of business continuity management

Download a copy of the paper here: http://ibm.co/1g6STe6