This scenario based seminar addresses compliance issues in the Cloud.

Compliance Without Control

Untitled 51.png

The increasing dependence of organisations on applications in the cloud has made it more challenging for privacy, risk and business continuity executives to satisfy themselves that they are complying with privacy and resilience regulations.

Hear from experts address the issues that arise when things go wrong. They will work their way through a realistic scenario, that worsens over time.

We will present the perspective of an APRA regulated user, a cloud services provider and the regulator.

There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.

Melbourne October 16

Sydney October 17

How CIOs can prepare to combat cyber attacks | Network World

If you’re like most chief information officers (CIOs), you may be feeling a sense of uncertainty and unpreparedness when it comes to dealing with cyber threats. And the truth is, you likely have good reason to feel that way.

“Cyber attackers are more organized and sophisticated than ever,” stated KPMG’s Steve Bates. “They’re using better tools and have greater access to funding — be it from competing corporations, rogue nations, or activist groups. These cyber criminals have the commitment and the means to breach and inflict significant damage to almost any company.” Read more

The Untold Story of NotPetya, the Most Devastating Cyberattack in History | Wired

A lengthy, but fascinating story on the NotPetya attack:

"In those physics, NotPetya reminds us, distance is no defence. Every barbarian is already at every gate. And the network of entanglements in that ether, which have unified and elevated the world for the past 25 years, can, over a few hours on a summer day, bring it to a crashing halt."

Newsletter September 2018

Welcome to the September edition of the Continuity Matters Newsletter!

As Florence bears down on the coast of North and South Carolina, it is a salutary reminder of the power of nature. There are 56 data centres in North Carolina and 11 in South Carolina. Apple, AWS, Google, IBM all have data centres in the area. Facebook has a 30,000m2 data centre (that’s 7.5 acres!). See here for a listing. The full impact of the storm is unknown – but the predictions are ominous. Authorities are expecting lengthy power outages and extensive flooding.

We have compiled some very interesting articles that discuss the key resilience issues facing data centre and cloud providers in the face of this enormous storm.

Don't forget to reserve you seat for our upcoming seminar in October!


Continuity Matters' Upcoming Seminar – “Compliance Without Control”

The increasing dependence of organisations on applications in the cloud has made it more challenging for risk and business continuity executives to satisfy themselves that the applications will be recoverable in the event of a disruption.

If your organisation has deployed critical applications to the cloud, how will you assure yourself (and possibly the regulator) that your systems are recoverable in the time and manner you require?

Hear from experts address this issue and work their way through a realistic scenario. We will present the perspective of an APRA regulated user, a provider and the regulator.

There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.

Hit by the Azure outage? Watch out for Hurricane Florence!

“With Hurricane Florence bearing down on the Southeast US as I write this post, I certainly hope if your data center is in the path of the hurricane you are taking proactive measures to gracefully move your workloads out of the impacted region. The benefit of a proactive disaster recovery vs a reactive disaster recovery are numerous, including no data loss, ample time to address unexpected issues, and managing human resources such that employees can worry about taking care of their families, rather than spending the night at a keyboard trying to put the pieces back together.”

Lessons learned from past disasters

Robby Hill, founder and CEO of HillSouth, a Florence, S.C.-based managed services provider, told CRN: "During Matthew, we found we didn't have enough backup power for our office building, since then, we have implemented and tested our power. After Matthew, we were stuck with portable generators. Now we have one installed in our building. Matthew tested us. We were out of power for a week." 

Weather report

We can’t say we were not warned. Earlier this year, the World Economic Forum published the Global Risk Report 2018. On page 3 of the report, the Global Risks Landscape 2018 chart had 6 out of the 7 most likely and impactful risks attributable to climate change. This assessment has proved to be scarily accurate.

Why using the Potluck approach is a risky strategy

Many organisations make no formal workplace recovery arrangements for crisis management and the recovery staff. Many hope that their offices will never suffer a disaster and even if they do – intend to use the “Potluck” approach and go to a hotel if the need arrives.  
We believe this is a risky strategy - and here's why.

The Risk of the “Potluck” Approach

Many organisations make no formal workplace recovery arrangements for crisis management and recovery teams. Many hope that their offices will never suffer a disaster and even if they do – intend to use the “potluck” approach and go to a hotel if the need arrives.

Untitled37.png

Taking the “Potluck” approach is very common and fraught with risk. It has five main weaknesses:

  • It assumes that there will always be suitable hotel accommodation when you need it. Often that is a reasonable assumption, but what if your crisis occurs during a very busy period during a major event in your city - eg Formula 1, the Australian Open, Racing Carnival, Global Rotarians Convention in town etc?

  • If your offices accommodate a large number of staff, it is likely that most will be asked to work from home. However, it will be essential to accommodate your recovery team in the one location. You will need to make critical decisions under duress and be able to discuss matters many issues that are time sensitive and/or confidential. This can only be done if your recovery team is housed in the one secure location.

  • It also assumes that your firm is the only one impacted by the crisis. What if there is a crisis that impacts a whole city – eg Brisbane floods, Sandy in New York etc? During these periods, hotel accommodation becomes rare and if available, very expensive.

  • Not having a reserved workplace weakens the benefit of exercising your recovery. The purpose of exercising is for your crisis management team to quickly and efficiently become operational. If the teams exercise in a different hotel every year or actually need to recover in an untested hotel, your organisation’s recovery time will be slower.

  • Our reliance on technology is increasing every year. To make your crisis team productive quickly, they need reliable access to computers, networks and your applications in a reliable and secure manner. If your computers are lost, where and how will you secure your replacement computers? If you have never tested the technical infrastructure of a hotel you are unfamiliar with, how much recovery time will be wasted by getting the technical infrastructure stood up?

To avoid these traps, make sure you have secured a workplace recovery solution.

Australian Influenza Surveillance Report - fortnight ending 26 August 2018.

Although the flu season is coming to an end it pays to be vigilant. Healthdirect has a succinct article on 6 ways to fight the flu, and below is the latest influenza surveillance report …. this year seems to have been a “normal” year.

 PHOTO: Influenza A virus H3N2, part of the Vivid Sydney installation Beautiful and Dangerous. (Source: CSIRO) http://www.abc.net.au/news/2018-05-28/virus-1/9807346

PHOTO: Influenza A virus H3N2, part of the Vivid Sydney installation Beautiful and Dangerous. (Source: CSIRO) http://www.abc.net.au/news/2018-05-28/virus-1/9807346

  • Activity –Person to person transmission of influenza and influenza-like illness (ILI) in the community is low and remains within or below the bounds of previous years. Rhinovirus was the most common respiratory virus detected in patients presenting with ILI to sentinel general practices this fortnight.

  • Severity –Clinical severity for the season to date, as measured through the proportion of patients admitted directly to ICU, and deaths attributed to influenza, is low.

  • Impact – Currently, the impact of circulating influenza on society is low.

  • Virology – This fortnight, the majority of confirmed influenza cases reported nationally were influenza A (85%).

Healthdirect has a succinct article on 6 ways to fight the flu

  • Get a flu shot - It is important to get the influenza vaccination each year to continue to be protected, since it wears off after 3 to 4 months. Flu strains (types) also change over time.

  • Wash your hands - In addition to vaccination, good hygiene is one of the best ways to help prevent colds and flu from spreading. Wash your hands regularly.

  • Cover coughs and sneezes - Cover your mouth and nose when coughing or sneezing.

  • Bin your tissues - Throw disposable tissues in the bin immediately after using them.

  • Avoid sharing - Don't share cups, plates, cutlery and towels with other people, if you can.

  • Keep surfaces clean - Clean surfaces such as your keyboard, telephone and door handles regularly to get rid of germs.

  • Self-care at home - In most cases you can treat mild cold or flu symptoms at home.

NOTE: Antibiotics won't help - Antibiotics do not reduce symptoms of colds and flu as these illnesses are caused by viruses. Antibiotics only work for bacterial infections.

Staff often still come to work when they are sick. They infect others on public transport on the way in to work, infect their colleagues at the office and then again on the way home. Actively encourage your staff to stay home when they are sick. It’s good for business continuity!

Weather in 2018 – North & Southern Hemispheres

This year in Australia, the impact of severe weather has been primarily interruptions to power supplies. Darwin suffered a Category 2 cyclone in March which resulted in the Insurance Council declaring a Catastrophe for the area. Although most buildings avoided serious damage – large parts of Darwin were without power for many days – primarily because of trees falling onto power lines.

We tend to underestimate our reliance on reliable power. Although many businesses in Darwin were lucky to escape physical damage, having no power for several weeks can have a substantial impact on business operations. The rapid trend towards “Touch and Pay” in retail outlets, means that fewer people carry cash and a power outage has a much bigger impact than when “cash was king”. Is your business dependent on a thriving retail channel?

Untitled33.png

A similar storm impacted Perth in early June, resulting in power outages to 10,000 homes.

In the Northern Hemisphere, they have experienced an extraordinary summer.

High temperature and low rainfall records have been broken in many countries. Raging fires have impacted California through to Greece. If you have any lingering doubts about the extent of the heat wave – this article provides an amazing summary of what’s been happening this summer.

The impacts have been diverse. Power supplies have been interrupted because of demand increases due to the increased use of air conditioners, whilst the efficiency of the power plants decreases with higher temperatures. Some power plants had insufficient cooling water or the river water used for cooling was too warm!

When a blistering heat wave struck the Southland region in California earlier this month, the region’s electric grid was so overwhelmed that more than 100,000 customers in Los Angeles had at some point lost power. Some went days without electricity. Here in Australia, the power distributors will load shed by shutting down power supplies to whole suburbs.

No doubt in the coming weeks, we will read about the human impact of the heatwaves. In past heatwaves, vulnerable people died from the heat. Unlike Australians, Europeans are unused to these high temperatures and often are unaware of the dangers of heat exposure and the effects of dehydration.

Hurricane Florence: Amazon, Google, Microsoft Cloud Data Centers In Storm's Path? | ChannelE2E

Parkway Tech’s Winston-Salem location is several hours inland from the U.S. east coast. “But this monster storm is expected to bring us high winds and the potential for 16 inches of rain as it stalls over us,” Michalec notes. “Having been through Hurricane Floyd that brought epic flooding to North Carolina in 1999, I’m probably a bit more wary than most when it comes to flooding.”

Lessons Learned: Past Disasters Have Prepared Solution Providers For Hurricane Florence | CRN

"During Matthew, we found we didn't have enough backup power for our office building," Hill told CRN. "Since then, we have implemented and tested our power. After Matthew, we were stuck with portable generators. Now we have one installed in our building. Matthew tested us. We were out of power for a week." 

Other lessons learned from Matthew include understanding how critical cellphones are after a disaster, Hill said. "We've helped clients implement cellphone modems to maintain contact," he said.

Information Security News | Trusted Impact
Untitled14.png

Trusted Impact is a leading security consultancy focused entirely on helping clients achieve their business objectives in the field of information security.

Their latest newsletter covers topics such as GDPR, City of Atlanta's ransomeware attack, Yahoo's million dollar fine and the Pageup data breach. Click here to download the newsletter, or here to view past newsletters and to subscribe.  

EU Financial Regulators Report about future risks | European Supervisory Authorities

The latest report on risks and vulnerabilities by the Joint Committee of the European Supervisory Authorities (ESAs) shows that the securities, banking and insurance sectors in the European Union (EU) face multiple risks. And, although this report is focussed on the EU, a number of risks and vulnerabilities also apply to the Australian market. 

The latest ESA report outlines the following risks as potential sources of instability:

  • Uncertainties around the terms of the UK's withdrawal from the EU; 
  • Cyber attacks; and
  • Sudden repricing of risk premia as witnessed by the recent spike in volatility and associated market corrections.

The ESA report also raises awareness for risks related to climate change and the transition to a lower-carbon economy.

Some of the key points from the report are:

Brexit: the ESAs recommend that EU financial institutions and their counterparties, as well as investors and retail consumers, consider timely mitigation actions to prepare for the UK's withdrawal from the EU – including possible relocations and actions to address contract continuity risks;

Cyber security: the ESAs encourage financial institutions to improve fragile IT systems, and explore inherent risks to information security, connectivity and outsourcing. To support this, the ESAs will continue addressing cyber risks for securities, banking and insurance markets and monitor firms' use of cloud computing and potential build-up of cyber risks; and 

Climate change: the ESAs recommend that financial institutions consider sustainability risk in their governance and risk management frameworks; should develop responsible, sustainable financial products; and supervisors should enhance their analysis of potential risks related to climate change for the financial sector and financial stability.

Download the report